VYPR
Vendor

Brother

Products
26
CVEs
40
Across products
47
Status
Private

Products

26

Recent CVEs

40
View all 40 CVEs →
  • CVE-2017-7588CriApr 12, 2017
    risk 0.69cvss 9.8epss 0.34

    On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW…

  • CVE-2024-44242CriDec 12, 2024
    risk 0.64cvss 9.8epss 0.01

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

  • CVE-2019-20457CriNov 7, 2024
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the…

  • CVE-2017-16249HigNov 10, 2017
    risk 0.57cvss 7.5epss 0.59

    The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are…

  • CVE-2017-2244HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2021-47869HigJan 21, 2026
    risk 0.51cvss 7.8epss 0.00

    Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\…

  • CVE-2025-49797HigJun 25, 2025
    risk 0.51cvss 7.8epss 0.00

    Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information…

  • CVE-2017-12568HigAug 6, 2017
    risk 0.49cvss 7.5epss 0.02

    Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets.

  • CVE-2024-51984MedJun 25, 2025
    risk 0.44cvss 6.8epss 0.01

    An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled…

  • CVE-2024-22475MedMar 18, 2024
    risk 0.40cvss 6.1epss 0.00

    Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected…

  • CVE-2024-51981MedJun 25, 2025
    risk 0.35cvss 5.3epss 0.01

    An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The…

  • CVE-2024-51980MedJun 25, 2025
    risk 0.35cvss 5.3epss 0.01

    An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port…

  • CVE-2024-21824MedMar 18, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative…

  • CVE-2018-11581MedJun 1, 2018
    risk 0.34cvss 4.8epss 0.02

    Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.

  • CVE-2025-8452MedAug 12, 2025
    risk 0.28cvss 4.3epss 0.00

    By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to…

  • CVE-2025-53869LowJan 29, 2026
    risk 0.24cvss 3.7epss 0.00

    Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.

  • CVE-2025-64696LowDec 9, 2025
    risk 0.21cvss 3.3epss 0.00

    Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.

  • CVE-2021-47985Jun 19, 2026
    risk 0.00cvss epss 0.00

    Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges…

  • CVE-2020-36929Jan 15, 2026
    risk 0.00cvss epss 0.00

    Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject…

  • CVE-2020-36928Jan 15, 2026
    risk 0.00cvss epss 0.00

    Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system…