Brother Printers Debut Embedded HTTP Server Denial of Service (CVE-2017-16249)

Severity: High. Tenable OT Security Plugin ID 503373

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Debut embedded HTTP server contains a remotely exploitable denial-of-service vulnerability: a single malformed HTTP POST request can cause the server to hang until it eventually replies (after ~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?dec6d9dd

https://www.exploit-db.com/exploits/43119/

http://www.nessus.org/u?661aae0c

http://www.nessus.org/u?85f677d3

Plugin Details

Severity: High

ID: 503373

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 10/23/2025

Updated: 10/23/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2017-16249

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:brother:dcp-j132w_firmware

Required KB Items: Tenable.ot/Brother

Exploit Ease: No known exploits are available

Patch Publication Date: 11/10/2017

Vulnerability Publication Date: 11/10/2017

Reference Information

CVE: CVE-2017-16249