CVE-2024-51978
An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.
Vendor
-
Product
-
CWE
Published
2025-06-25 08:15:31
Updated
2025-07-25 17:15:30
Source Identifier
cve@rapid7.com
KEV Date Added
-
Categories
References
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51978.yaml
https://github.com/rapid7/metasploit-framework/pull/20349
https://github.com/sfewer-r7/BrotherVulnerabilities
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000
https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
https://www.toshibatec.com/information/20250625_02.html
https://www.bleepingcomputer.com/news/security/brother-printer-bug-in-689-models-exposes-default-admin-passwords/
https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug
https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/