CVE-2017-16249

HIGH

Debut embedded http server - DoS

Title source: llm

Description

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

Exploits (2)

exploitdb WORKING POC

by z00n · pythondoshardware

https://www.exploit-db.com/exploits/43119

View Code ZIP pw:eip

metasploit WORKING POC

by z00n <[email protected]>, h00die · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/brother_debut_dos.rb

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/144908/Debut-Embedded-httpd-1.20-Denial-Of-Service.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43119/

[Exploit, Third Party Advisory] https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-017/?fid=10211

[Third Party Advisory] https://www.trustwave.com/Resources/SpiderLabs-Blog/Denial-of-Service-Vulnerability-in-Brother-Printers/?page=1&year=0&month=0&LangType=1033

Scores

CVSS v3 7.5

EPSS 0.6730

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (1)

brother/dcp-j132w_firmware < 1.20

Published Nov 10, 2017

Tracked Since Feb 18, 2026