CVE-2024-51984

MEDIUM

Brother ADS Series - Credential Disclosure via External Service Reconfiguration


Description

An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If a password is already stored for an external service, the attacker can force the target device to authenticate to an attacker-controlled device using the existing credentials for that external service. For an external LDAP or FTP service, this discloses the plaintext password for that service to the attacker.

Scores

CVSS v3: 6.8
EPSS: 0.0048
EPSS Percentile: 65.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-522
Status: published
Products (50)
Brother Industries, Ltd/ADS-1700W < R(3.75)
Brother Industries, Ltd/ADS-1800W < C(1.06)
Brother Industries, Ltd/ADS-2400N < T
Brother Industries, Ltd/ADS-2700W < M(4.28)
Brother Industries, Ltd/ADS-2700We < P(2.28)
Brother Industries, Ltd/ADS-2800W < T
Brother Industries, Ltd/ADS-3000N < T
Brother Industries, Ltd/ADS-3300W < P(2.28)
Brother Industries, Ltd/ADS-3600W < T
Brother Industries, Ltd/ADS-4300N < P(2.28)
... and 40 more
Published: Jun 25, 2025
Tracked Since: Feb 18, 2026