CVE-2017-7588

Brother MFC-J6520DW - Authentication Bypass / Password Change

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.

En ciertos dispositivos Brother, autorización es mal manejada incluyendo una cookie válida AuthCookie en la respuesta HTTP para un intento fallido de inicio de sesión. Modelos afectados son: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.

Brother MFC-J6520DW suffers from a password changing authentication bypass vulnerability.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-08 CVE Reserved
2017-04-12 CVE Published
2024-08-05 CVE Updated
2024-08-05 First Exploit
2024-10-25 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-287: Improper Authentication

CAPEC

References (2)

URL	Tag	Source
https://cxsecurity.com/blad/WLB-2017040064	X_refsource_misc

URL	Date	SRC
https://www.exploit-db.com/exploits/41863	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-8710dw Search vendor "Brother" for product "Mfc-8710dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-9130cw Search vendor "Brother" for product "Mfc-9130cw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-9330cdw Search vendor "Brother" for product "Mfc-9330cdw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-9340cdw Search vendor "Brother" for product "Mfc-9340cdw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j3720 Search vendor "Brother" for product "Mfc-j3720"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j4420dw Search vendor "Brother" for product "Mfc-j4420dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j4620dw Search vendor "Brother" for product "Mfc-j4620dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j5620dw Search vendor "Brother" for product "Mfc-j5620dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j5910dw Search vendor "Brother" for product "Mfc-j5910dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j6520dw Search vendor "Brother" for product "Mfc-j6520dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j6720dw Search vendor "Brother" for product "Mfc-j6720dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j6920dw Search vendor "Brother" for product "Mfc-j6920dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-j6973cdw Search vendor "Brother" for product "Mfc-j6973cdw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-l2700dw Search vendor "Brother" for product "Mfc-l2700dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-l2720dw Search vendor "Brother" for product "Mfc-l2720dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-l2740dw Search vendor "Brother" for product "Mfc-l2740dw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-l8600cdw Search vendor "Brother" for product "Mfc-l8600cdw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-l8850cdw Search vendor "Brother" for product "Mfc-l8850cdw"	-	-	Safe
Brother Search vendor "Brother"	Mfc Firmware Search vendor "Brother" for product "Mfc Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Mfc-l9550cdw Search vendor "Brother" for product "Mfc-l9550cdw"	-	-	Safe
Brother Search vendor "Brother"	Dcp Firmware Search vendor "Brother" for product "Dcp Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Dcp-l2520dw Search vendor "Brother" for product "Dcp-l2520dw"	-	-	Safe
Brother Search vendor "Brother"	Dcp Firmware Search vendor "Brother" for product "Dcp Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Dcp-l2540dw Search vendor "Brother" for product "Dcp-l2540dw"	-	-	Safe
Brother Search vendor "Brother"	Ads Firmware Search vendor "Brother" for product "Ads Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Ads-1000w Search vendor "Brother" for product "Ads-1000w"	-	-	Safe
Brother Search vendor "Brother"	Ads Firmware Search vendor "Brother" for product "Ads Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Ads-1500w Search vendor "Brother" for product "Ads-1500w"	-	-	Safe
Brother Search vendor "Brother"	Ads Firmware Search vendor "Brother" for product "Ads Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Ads-2500w Search vendor "Brother" for product "Ads-2500w"	-	-	Safe
Brother Search vendor "Brother"	Hl Firmware Search vendor "Brother" for product "Hl Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Hl-3140cw Search vendor "Brother" for product "Hl-3140cw"	-	-	Safe
Brother Search vendor "Brother"	Hl Firmware Search vendor "Brother" for product "Hl Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Hl-3170cdw Search vendor "Brother" for product "Hl-3170cdw"	-	-	Safe
Brother Search vendor "Brother"	Hl Firmware Search vendor "Brother" for product "Hl Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Hl-3180cdw Search vendor "Brother" for product "Hl-3180cdw"	-	-	Safe
Brother Search vendor "Brother"	Hl Firmware Search vendor "Brother" for product "Hl Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Hl-l2380dw Search vendor "Brother" for product "Hl-l2380dw"	-	-	Safe
Brother Search vendor "Brother"	Hl Firmware Search vendor "Brother" for product "Hl Firmware"	-	-	Affected	in	Brother Search vendor "Brother"	Hl-l8350cdw Search vendor "Brother" for product "Hl-l8350cdw"	-	-	Safe