CVE-2024-51978

CRITICAL EXPLOITED NUCLEI

Unknown Device - Info Disclosure

Title source: llm

Description

An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, via a PJL request, or via an SNMP request.

Exploits (1)

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/BrotherPrinter-CVE-2024-51978-defaultPasswd.py

Nuclei Templates (1)

Brother Printers – Authentication Bypass via Default Admin Password
CRITICAL by iamnoooob, pdresearch, MathematicianGoat
FOFA: app="brother-Printer"

Scores

CVSS v3 9.8
EPSS 0.4834
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2025-08-06

Classification

CWE
CWE-1391
Status draft

Timeline

Published Jun 25, 2025
Tracked Since Feb 18, 2026