A security researcher has found nearly 700 Brother printers left exposed online, allowing access to the password reset function to anyone who knows what to look for.
Discovered by Ankit Anubhav, Principal Researcher at NewSky Security, the printers offer full access to their administration panel over the Internet.
Anubhav has provided Bleeping Computer with a list of exposed printers. Accessing a few random URLs, Bleeping has discovered a wide range of Brother printer models, such as DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510, just to name a few.
One of the cause of some of these exposures is Brother's choice of shipping the printers with no admin password. Most organizations most likely connected the printers to their networks without realizing the admin panel was present and wide open to connections. These printers are now easy discoverable via IoT search engines like Shodan or Censys.
Full Article.
