PT-2017-3094 · Brother · Hl-3140Cw+28

Patryk Bogdan +1 · Published 2017-04-11 · Updated 2017-08-16 · CVE-2017-7588

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Brother printer software versions (affected versions not specified)

Affected models are: MFC-J6973CDW, MFC-J4420DW, MFC-8710DW, MFC-J4620DW, MFC-L8850CDW, MFC-J3720, MFC-J6520DW, MFC-L2740DW, MFC-J5910DW, MFC-J6920DW, MFC-L2700DW, MFC-9130CW, MFC-9330CDW, MFC-9340CDW, MFC-J5620DW, MFC-J6720DW, MFC-L8600CDW, MFC-L9550CDW, MFC-L2720DW, DCP-L2540DW, DCP-L2520DW, HL-3140CW, HL-3170CDW, HL-3180CDW, HL-L8350CDW, HL-L2380DW, ADS-2500W, ADS-1000W, ADS-1500W

Description

The vulnerability is related to the authentication procedure in Brother printer software. After a failed login attempt, the HTTP response includes a valid AuthCookie, which can be exploited by a remote attacker to gain access to the device.

Recommendations

For each of the affected models, consider disabling the authentication mechanism until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2017-02472
CVE-2017-7588

Affected Products

Ads-1000W
Ads-1500W
Ads-2500W
Dcp-L2520Dw
Dcp-L2540Dw
Hl-3140Cw
Hl-3170Cdw
Hl-3180Cdw
Hl-L2380Dw
Hl-L8350Cdw
Mfc-8710Dw
Mfc-9130Cw
Mfc-9330Cdw
Mfc-9340Cdw
Mfc-J3720
Mfc-J4420Dw
Mfc-J4620Dw
Mfc-J5620Dw
Mfc-J5910Dw
Mfc-J6520Dw
Mfc-J6720Dw
Mfc-J6920Dw
Mfc-J6973Cdw
Mfc-L2700Dw
Mfc-L2720Dw
Mfc-L2740Dw
Mfc-L8600Cdw
Mfc-L8850Cdw
Mfc-L9550Cdw