CVE-2024-51983

HIGH

Web Services < unknown - DoS

Title source: llm

Description

An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.

References (9)

[Various Sources] https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf

[Various Sources] https://github.com/sfewer-r7/BrotherVulnerabilities

View Writeup ZIP pw:eip

[Various Sources] https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000

[Various Sources] https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000

[Various Sources] https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html

[Various Sources] https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007

[Various Sources] https://www.toshibatec.com/information/20250625_02.html

[Third Party Advisory] https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed

[Vendor Advisory] https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf

Scores

CVSS v3 7.5

EPSS 0.0080

EPSS Percentile 73.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-1286

Status draft

Timeline

Published Jun 25, 2025

Tracked Since Feb 18, 2026