Sensitive Information Exposure in Brother Printers and Multifunction Devices
CVE-2024-51977

5.3MEDIUM

Key Information:

Vendor

Brother Industries, Ltd

Status
Hl-l8260cdn
Hl-l8260cdw
Hl-l8360cdw
Hl-l8360cdwt
Vendor
CVE Published:
25 June 2025

Badges

👾 Exploit Exists

What is CVE-2024-51977?

An unauthenticated attacker can exploit a vulnerability in Brother Printers and Multifunction Devices by accessing the HTTP, HTTPS, or IPP services. By sending a GET request to the URI path /etc/mnt_info.csv, an attacker can retrieve a CSV file that contains sensitive data, including the device model, firmware version, IP address, and serial number. This exposure could lead to unauthorized access and further attacks on the network, highlighting the need for improved security measures.

Affected Version(s)

ADS-2400N 0

ADS-2800W 0

ADS-3000N 0

References

https://support.brother.com/g/b/link.aspx?prod=group2&faq...
vendor-advisory
https://support.brother.com/g/b/link.aspx?prod=group2&faq...
vendor-advisory
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&f...
vendor-advisory

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Stephen Fewer, Principal Security Researcher at Rapid7
.