CVE-2024-51977 Information

Description

An unauthenticated attacker who can access either the HTTP service (TCP port 80) the HTTPS service (TCP port 443) or the IPP service (TCP port 631) can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model firmware version IP address and serial number.

Reference

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf https://github.com/sfewer-r7/BrotherVulnerabilities https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000 https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000 https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007 https://www.toshibatec.com/information/20250625_02.html

Related CNNVD

CNNVD-202506-3135 (Published: 2025-06-25)