mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
CVE-2024-51982
Description
An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. The crash occurs when the PJL variable FORMLINES is set to a non-numeric value.
POC
Reference
- https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
- https://github.com/sfewer-r7/BrotherVulnerabilities
- https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed