CVE-2024-51978 Information

Description

An unauthenticated attacker who knows the target device’s serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device’s serial number via CVE-2024-51977 over HTTP/HTTPS/IPP or via a PJL request or via an SNMP request.

Reference

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
https://github.com/rapid7/metasploit-framework/pull/20349
https://github.com/sfewer-r7/BrotherVulnerabilities
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000
https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
https://www.toshibatec.com/information/20250625_02.html

CNNVD-202506-3142 (Published: 2025-06-25)
