Vulnerabilities > CVE-2017-16249 - Unspecified vulnerability in Brother Dcp-J132W Firmware 1.20
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Exploit-Db
description | Debut Embedded httpd 1.20 - Denial of Service. CVE-2017-16249. Dos exploit for Hardware platform |
file | exploits/hardware/dos/43119.py |
id | EDB-ID:43119 |
last seen | 2017-11-06 |
modified | 2017-11-02 |
platform | hardware |
port | |
published | 2017-11-02 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43119/ |
title | Debut Embedded httpd 1.20 - Denial of Service |
type | dos |
Metasploit
description | The Debut embedded HTTP server <= 1.20 on Brother printers allows for a Denial of Service (DoS) condition via a crafted HTTP request. The printer will be unresponsive from HTTP and printing requests for ~300 seconds. After which, the printer will start responding again. |
id | MSF:AUXILIARY/DOS/HTTP/BROTHER_DEBUT_DOS |
last seen | 2020-06-10 |
modified | 2018-01-25 |
published | 2017-12-29 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/brother_debut_dos.rb |
title | Brother Debut http Denial Of Service |
Nessus
NASL family | CGI abuses |
NASL id | BROTHER_DEBUT_DOS.NASL |
description | According to its self-reported version number, the embedded Debut HTTP server running on the remote Brother printer is equal or prior to version 1.20. It is, therefore, affected by a denial of service vulnerability. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 104900 |
published | 2017-11-30 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/104900 |
title | Brother Printer Debut embedded httpd <= 1.20 DoS |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/144908/debutembeddedhttpd120-dos.txt |
id | PACKETSTORM:144908 |
last seen | 2017-11-09 |
published | 2017-11-07 |
reporter | z00n |
source | https://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html |
title | Debut Embedded httpd 1.20 Denial Of Service |
References
- http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html
- http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html
- https://www.exploit-db.com/exploits/43119/
- https://www.exploit-db.com/exploits/43119/
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033