Sensitive Information Exposure in Brother Printers and Multifunction Devices
CVE-2024-51977
Key Information:
- Vendor
Brother Industries, Ltd
- Vendor
- CVE Published:
- 25 June 2025
Badges
What is CVE-2024-51977?
An unauthenticated attacker can exploit a vulnerability in Brother Printers and Multifunction Devices by accessing the HTTP, HTTPS, or IPP services. By sending a GET request to the URI path /etc/mnt_info.csv, an attacker can retrieve a CSV file that contains sensitive data, including the device model, firmware version, IP address, and serial number. This exposure could lead to unauthorized access and further attacks on the network, highlighting the need for improved security measures.
Affected Version(s)
ADS-2400N 0
ADS-2800W 0
ADS-3000N 0
News Articles
Brother printer bug in 689 models exposes default admin passwords
A total of 689 printer models from Brother, along with 53 other models from Fujifilm, Toshiba, and Konica Minolta, come with a default administrator password that remote attackers can generate. Even worse, there is no way to fix the flaw via firmware in existing printers.
3 weeks ago
Millions of Brother Printers Hit by Critical Unpatchable Bug
A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.
3 weeks ago
References
EPSS Score
41% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered
Vulnerability published
Vulnerability Reserved