Authentication Bypass in Brother Devices Exposes User Credentials
CVE-2024-51984

6.8MEDIUM

Key Information:

Vendor: Brother Industries, Ltd
Status: Hl-l8260cdn; Hl-l8260cdw; Hl-l8360cdw; Hl-l8360cdwt
Vendor: CVE Published:; 25 June 2025

🔔 Create Brother Industries, Ltd Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2024-51984?

An issue has been identified that allows an authenticated attacker to manipulate Brother network devices to connect with external services such as LDAP or FTP that are under the attacker's control. By doing so, the attacker can compel the device to authenticate with these services using existing credentials. This exploitation can lead to the disclosure of plaintext passwords, placing sensitive information at risk and potentially facilitating further unauthorized access to connected systems.

Affected Version(s)

ADS-1700W 0

ADS-1800W 0

ADS-2400N 0

References

https://support.brother.com/g/b/link.aspx?prod=group2&faq...

vendor-advisory

https://support.brother.com/g/b/link.aspx?prod=group2&faq...

vendor-advisory

https://support.brother.com/g/b/link.aspx?prod=lmgroup1&f...

vendor-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 25, 2025
👾
Exploit known to exist
Jun 25, 2025
Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Nov 4, 2024

Credit

Stephen Fewer, Principal Security Researcher at Rapid7