<Prev | [Index] | Next>

Date: Thu, 16 Nov 2017 16:47:11 -0500

Trustwave SpiderLabs Security Advisory TWSL2017-017:
Remote Unauthenticated DoS in Debut embedded httpd server used by
Brother printers

Published: 11/02/2017
Version: 1.0

Vendor: Brother (http://www.brother-usa.com)
Product: Debut embedded httpd
Version affected: <= 1.20

Product description:
Brother printers are network connected consumer and business multi-function printers. These printers utilize the Debut embedded httpd server to host their web interfaces.

Finding 1: Remote unauthenticated denial of service
Credit: z00n (@0xz00n) of Trustwave
CVE: CVE-2017-16249

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error.  While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.


<Prev | [Index] | Next>