Hacking A Brother Label Maker: Is Your CUPS Half Empty Or Half Full?
On the one hand, we have been impressed {that a} tiny Brother label maker really makes use of CUPS to assist printing. Like [Sdomi], we have been lower than impressed at how outdated a duplicate it was utilizing – – 1.6.1. After all, [Sdomi] managed to achieve entry to the OS and set issues up the appropriate manner, and we get an over-the-shoulder view.
It wasn’t simply the outdated copy of CUPS, both. The setup web page was very dated and whereas that’s simply beauty, it nonetheless strikes a nerve. The Linux kernel in use was additionally tremendous outdated. Fortunately, the URLs seemed like good candidates for command injection.
Worst of all, the outdated model of CUPS had some identified vulnerabilities, so there have been a number of avenues of assault. The interface had some filtering, so slashes and areas weren’t handed, however a number of different characters may get across the limitations. Very intelligent.
The publish accommodates a number of good tips to file away for future use. It additionally turned out that regardless of the Brother branding, the printer is absolutely from one other firm, which was helpful to know, too. In the long run, does the printer work any higher? Most likely not. However we get the urge to verify a few of the different gadgets we personal.
The final time we noticed CUPS save an outdated printer, it needed to be bolted on. CUPS was meant to assist 3D printers, however we by no means see anybody utilizing it like that.