CVE-2024-51981

MEDIUM

Brother Printer WS-Eventing - Blind Server-Side Request Forgery

Title source: manual

Description

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection.

References (10)

Core 10

Core References

Various Sources vendor-advisory

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000

Various Sources vendor-advisory

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000

Various Sources vendor-advisory

https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000

Various Sources vendor-advisory

https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html

Various Sources vendor-advisory

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007

Various Sources vendor-advisory

https://www.toshibatec.com/information/20250625_02.html

Vendor Advisory vendor-advisory

https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf

Third Party Advisory third-party-advisory

https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed

Various Sources technical-description

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf

Various Sources exploit

https://github.com/sfewer-r7/BrotherVulnerabilities

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0082

EPSS Percentile 52.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-918 CWE-93

Status published

Products (50)

Brother Industries, Ltd/ADS-2400N < T

Brother Industries, Ltd/ADS-2800W < T

Brother Industries, Ltd/ADS-3000N < T

Brother Industries, Ltd/ADS-3600W < T

Brother Industries, Ltd/DCP-1610W < ZB

Brother Industries, Ltd/DCP-1610WE < ZB

Brother Industries, Ltd/DCP-1610WR < ZB

Brother Industries, Ltd/DCP-1612W < ZB

Brother Industries, Ltd/DCP-1612WE < ZB

Brother Industries, Ltd/DCP-1612WR < ZB

... and 40 more

Published Jun 25, 2025

Tracked Since Feb 18, 2026