CVE-2024-51978

CRITICAL EXPLOITED NUCLEI

Unknown Device - Info Disclosure

Title source: llm

Description

An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, via a PJL request, or via an SNMP request.

Exploits (1)

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/BrotherPrinter-CVE-2024-51978-defaultPasswd.py

Nuclei Templates (1)

Brother Printers – Authentication Bypass via Default Admin Password
CRITICAL by iamnoooob, pdresearch, MathematicianGoat
FOFA: app="brother-Printer"

Scores

CVSS v3 9.8
EPSS 0.5360
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-08-06
CWE CWE-1391
Status published
Products (50)
Brother Industries, Ltd/ADS-1250W < R(3.75)
Brother Industries, Ltd/ADS-1350W < C(1.06)
Brother Industries, Ltd/ADS-1700W < R(3.75)
Brother Industries, Ltd/ADS-1800W < C(1.06)
Brother Industries, Ltd/ADS-2400N < T
Brother Industries, Ltd/ADS-2700W < M(4.28)
Brother Industries, Ltd/ADS-2700We < P(2.28)
Brother Industries, Ltd/ADS-2800W < T
Brother Industries, Ltd/ADS-3000N < T
Brother Industries, Ltd/ADS-3300W < P(2.28)
... and 40 more
Published Jun 25, 2025
Tracked Since Feb 18, 2026