top of page
Search

Why Printer Vulnerabilities Are a Serious Business Risk

  • Writer: Joseph Rapley
    Joseph Rapley
  • Jun 30
  • 2 min read

Updated: Jul 28

Sad printer
Sad printer

Rapid7 recently disclosed multiple security vulnerabilities affecting a range of printers and multi-function devices from vendors such as Brother, FUJIFILM, Ricoh, Toshiba and Konica Minolta. These flaws, tracked under several CVEs, document vulnerabilities on these devices which can lead to an adversary gaining access with admin privileges.


If you think this doesn’t apply to your business because “it’s just a printer,” think again. Printers and other multi-function devices (MFCs) are often overlooked in security plans, but in real-world internal penetration tests, they regularly become a weak point that gives attackers a foothold into otherwise well-protected networks.


Why Printers Matter in Cybersecurity

Printers are usually placed directly onto internal networks. They often store sensitive data, are connected to cloud services, and may have administrator-level credentials saved for scan-to-email or other features. Despite this, they are rarely patched, often misconfigured, and poorly segmented from the rest of the network.


During internal penetration tests, we’ve used insecure printers, MFCs, and other network hardware to:

  • Export configuration files and recover stored domain or domain admin credentials.

  • Redirect scan-to-email or scan-to-folder jobs to attacker-controlled systems to collect usernames, passwords, and email data.

  • View and download scanned documents stored on the device or in associated cloud services.

  • Reconfigure device settings to weaken the internal security posture of the network.


These are not theoretical attacks. We’ve seen them work time and time again during real-world engagements. Once on the internal network, it only takes one poorly secured pritner or network device to start unravelling an organisation’s entire security model.


What Should I Do About the Brother Vulnerabilities?

If your business uses an affected device, take these actions:

  1. Check if your model is affected using Rapid7’s disclosure article.

  2. Apply the latest firmware updates from Brother to patch known vulnerabilities.

  3. Change default admin credentials by changing the admin password at a minimum, or creating a new admin account with a different username altogether.

  4. Review and remove stored credentials, especially any with domain-level access.

  5. Disable unused services such as FTP, Telnet, or older versions of SNMP.

  6. Monitor device logs, if available, for unauthorised access or changes.


How to Secure All Network-Connected Devices

Printers aren’t the only risk. Any network-connected device, from VoIP phones to smart TVs, can pose a threat if not secured properly. To reduce risk across your environment:

  1. Segment devices onto their own VLANs and limit their communication paths.

  2. Treat them as IT assets, not appliances, and include them in patch and config management.

  3. Use strong, unique admin credentials for each device.

  4. Regularly apply firmware and software updates.

  5. Restrict access to management interfaces with IP allowlists or VPN requirements.

  6. Disable remote and cloud features unless absolutely necessary.

  7. Review each device regularly to identify open ports, default passwords, or legacy protocols.


Final Thoughts

Assuming that printers are low-risk simply because they don’t “look” like a computer is a dangerous mindset. In practice, insecure printers have been the gateway to full administrative access in many of our internal assessments.

If your business hasn’t included printers and other networked devices in your security plan, now is the time to fix that.


Need help assessing your internal risks? Contact Cyberoptic Security for a no-obligation chat about internal network security reviews and penetration testing.


 
 
bottom of page