Device Vulnerability in Brother's Multifunction Printers and Scanners
CVE-2024-51978

9.8CRITICAL

Key Information:

Vendor: Brother Industries, Ltd
Status: Hl-l8260cdn; Hl-l8260cdw; Hl-l8360cdw; Hl-l8360cdwt
Vendor: CVE Published:; 25 June 2025

🔔 Create Brother Industries, Ltd Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 59%📰 News Worthy

What is CVE-2024-51978?

An unauthenticated attacker with knowledge of the target device's serial number can exploit a vulnerability in Brother's multifunction printers and scanners to generate the default administrator password. This is achievable through various methods such as HTTP/HTTPS, IPP requests, PJL requests, or SNMP queries. This vulnerability exposes devices to unauthorized access and potential manipulation by attackers.

Affected Version(s)

ADS-1250W 0

ADS-1350W 0

ADS-1700W 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-51978 - Proof of Concept

News Articles

BleepingComputer

CVE-2024-51978 CVE-2024-51977

Brother printer bug in 689 models exposes default admin passwords

A total of 689 printer models from Brother, along with 53 other models from Fujifilm, Toshiba, and Konica Minolta, come with a default administrator password that remote attackers can generate. Even worse, there is no way to fix the flaw via firmware in existing printers.

CVE-2024-51978 CVE-2024-51977

Millions of Brother Printers Hit by Critical Unpatchable Bug

A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.