Ankit Anubhav, Principal Researcher at NewSky Security said the printers offer full access to their administration panel over the Internet.

According to Bleeping Computer https://www.bleepingcomputer.com/news/security/hundreds-of-printers-expose-backend-panels-and-password-reset-functions-online/ a wide range of Brother printer models, such as DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510 have the issue.

The cause of all these exposures is Brother's choice of shipping the printers with no admin password. Most organizations most likely connected the printers to their networks without realizing the admin panel was present and wide open to connections.

These printers are now easy discoverable via IoT search engines like Shodan or Censys.

Organisations running Brother printers should verify if the printer exposes the administration panel by default online, and/or set a custom password to prevent unauthorised access to the device.