CVE-2019-13193

high-risk

Published 2020-03-13

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.

Do I need to act?

2.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Ads-2400N Firmware

Ads-2800W Firmware

Ads-3000N Firmware

Ads-3600W Firmware

Dcp-1610W Firmware

Dcp-1610We Firmware

Dcp-1610Wr Firmware

Dcp-1610Wvb Firmware

Dcp-1612W Firmware

Dcp-1612We Firmware

Dcp-1612Wr Firmware

Dcp-1612Wvb Firmware

Dcp-1615Nw Firmware

Dcp-1616Nw Firmware

Dcp-1617Nw Firmware

Dcp-1618W Firmware

Dcp-1622We Firmware

Dcp-1623We Firmware

Dcp-1623Wr Firmware

Dcp-7180Dn Firmware

Affected Vendors

Brother

References (6)

Vendor Advisory https://global.brother

Vendor Advisory https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00...

Exploit https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabi...

Vendor Advisory https://global.brother

Vendor Advisory https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00...

Exploit https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabi...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 5/34 · Minimal

Exposure 33/34 · Critical