Blind Server Side Request Forgery Vulnerability in Brother Products
CVE-2024-51981
5.3 MEDIUM
Key Information:
- Vendor: Brother Industries, Ltd
- CVE Published: 25 June 2025
Badges
👾 Exploit Exists
What is CVE-2024-51981?
An unauthenticated attacker can exploit a CRLF injection vulnerability in Brother devices, leading to a blind server-side request forgery (SSRF). The vulnerability allows the attacker to manipulate the HTTP request data in a WS-Eventing subscription SOAP operation via the WS-Addressing feature. Because the SSRF is blind, the attacker does not gain access to any response data from the affected connection, which limits the scope of the attack.
Affected Version(s)
ADS-2400N 0
ADS-2800W 0
ADS-3000N 0
CVSS V3.1
- Score: 5.3
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: None
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
Credit
Stephen Fewer, Principal Security Researcher at Rapid7