First published: Thu Nov 09 2017(Updated: )
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Brother Dcp-j132w Firmware | <=1.20 | |
Brother DCP-J132W |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2017-16249.
The severity of CVE-2017-16249 is high with a severity value of 7.5.
The Brother Dcp-j132w Firmware is affected by CVE-2017-16249.
CVE-2017-16249 can be exploited by sending a single malformed HTTP POST request to the Debut embedded http server.
There is no known fix available for CVE-2017-16249 at the moment.