High severity7.5NVD Advisory· Published Nov 10, 2017· Updated May 13, 2026

CVE-2017-16249

Description

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

Affected products

Brother/Dcp J132w Firmware
cpe:2.3:o:brother:dcp-j132w_firmware:*:*:*:*:*:*:*:*
Range: <=1.20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/43119/nvdExploitThird Party AdvisoryVDB Entry
www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/nvdExploitThird Party Advisory
www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.054
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000