CVE-2024-51980

MEDIUM

WS-Addressing ReplyTo - SSRF

Title source: llm

Description

An unauthenticated attacker may perform a limited server-side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. The SSRF leverages the WS-Addressing ReplyTo element in a SOAP request to the device's Web service (HTTP, TCP port 80). The attacker cannot control the data sent over the SSRF connection, nor receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP, TCP port 80) is exposed across a network segment.

Scores

CVSS v3 5.3
EPSS 0.0063
EPSS Percentile 70.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (50)
Brother Industries, Ltd/ADS-2400N < T
Brother Industries, Ltd/ADS-2800W < T
Brother Industries, Ltd/ADS-3000N < T
Brother Industries, Ltd/ADS-3600W < T
Brother Industries, Ltd/DCP-1610W < ZB
Brother Industries, Ltd/DCP-1610WE < ZB
Brother Industries, Ltd/DCP-1610WR < ZB
Brother Industries, Ltd/DCP-1612W < ZB
Brother Industries, Ltd/DCP-1612WE < ZB
Brother Industries, Ltd/DCP-1612WR < ZB
... and 40 more
Published Jun 25, 2025
Tracked Since Feb 18, 2026