VYPR

Brother

All CVEs

40 total · sorted by risk
  • CVE-2017-7588 · Critical · Apr 12, 2017
    risk 0.69 · cvss 9.8 · epss 0.34

    On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW…

  • CVE-2024-44242 · Critical · Dec 12, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

  • CVE-2019-20457 · Critical · Nov 7, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the…

  • CVE-2017-16249 · High · Nov 10, 2017
    risk 0.57 · cvss 7.5 · epss 0.59

    The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are…

  • CVE-2017-2244 · High · Jul 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2021-47869 · High · Jan 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\…

  • CVE-2025-49797 · High · Jun 25, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information…

  • CVE-2017-12568 · High · Aug 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets.

  • CVE-2024-51984 · Medium · Jun 25, 2025
    risk 0.44 · cvss 6.8 · epss 0.01

    An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled…

  • CVE-2024-22475 · Medium · Mar 18, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected…

  • CVE-2024-51981 · Medium · Jun 25, 2025
    risk 0.35 · cvss 5.3 · epss 0.01

    An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The…

  • CVE-2024-51980 · Medium · Jun 25, 2025
    risk 0.35 · cvss 5.3 · epss 0.01

    An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port…

  • CVE-2024-21824 · Medium · Mar 18, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    Improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative…

  • CVE-2018-11581 · Medium · Jun 1, 2018
    risk 0.34 · cvss 4.8 · epss 0.02

    Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.

  • CVE-2025-8452 · Medium · Aug 12, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, be leveraged by the flaw described by CVE-2024-51978 to…

  • CVE-2025-53869 · Low · Jan 29, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    Multiple MFPs provided by Brother Industries, Ltd. do not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.

  • CVE-2025-64696 · Low · Dec 9, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.

  • CVE-2021-47985 · Jun 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges…

  • CVE-2020-36929 · Jan 15, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject…

  • CVE-2020-36928 · Jan 15, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system…

  • CVE-2024-48870 · Oct 25, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

  • CVE-2024-47801 · Oct 25, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script to be executed on the web browser.

  • CVE-2024-47549 · Oct 25, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data into HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script to be executed on the web browser.

  • CVE-2024-47406 · Oct 25, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.

  • CVE-2024-42420 · Oct 25, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products to crash.

  • CVE-2023-46327 · Nov 2, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption…

  • CVE-2023-28369 · May 18, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by another app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as…

  • CVE-2019-13192 · Mar 13, 2020
    risk 0.00 · cvss n/a · epss 0.04

    Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device.

  • CVE-2019-13193 · Mar 13, 2020
    risk 0.00 · cvss n/a · epss 0.03

    Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.

  • CVE-2019-13194 · Mar 13, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL.

  • CVE-2013-2675 · Feb 5, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information.

  • CVE-2013-2676 · Feb 4, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information.

  • CVE-2013-2674 · Feb 3, 2020
    risk 0.00 · cvss n/a · epss 0.03

    Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.

  • CVE-2013-2673 · Feb 3, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.

  • CVE-2013-2672 · Feb 3, 2020
    risk 0.00 · cvss n/a · epss 0.02

    Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.

  • CVE-2015-1056 · Jan 16, 2015
    risk 0.00 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.html and possibly other pages.

  • CVE-2013-2671 · Mar 14, 2014
    risk 0.00 · cvss n/a · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter…

  • CVE-2013-2670 · Mar 14, 2014
    risk 0.00 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than…

  • CVE-2013-2507 · Mar 14, 2014
    risk 0.00 · cvss n/a · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a…

  • CVE-2002-1055 · Oct 4, 2002
    risk 0.00 · cvss n/a · epss 0.02

    Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password.