Brother Industries, Ltd. Multifunction Printers Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in multiple multifunction printers (MFPs) from Brother Industries, Ltd. These printers do not properly validate server certificates, which could enable a man-in-the-middle attacker to intercept communications and replace the printer's root certificates with arbitrary ones. This flaw could compromise the security of TLS communications by allowing unauthorized CA certificates to be installed on the device.

Impact

Exploitation of this vulnerability could lead to a man-in-the-middle attack, where an attacker could replace the printer's root certificates with malicious ones, potentially compromising TLS communications.

Remediation

Users are advised to update the firmware of their devices. The latest firmware version varies by model and can be downloaded using the Brother Firmware Update Tool. Specific update instructions are available on the Brother support website.

Added: Jan 29, 2026, 4:21 AM
Updated: Jan 29, 2026, 4:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.0
exploitability: 5.9
remediation: 7.7
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.