CVE-2024-51983
An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-06-25 08:15:32
Güncelleme
2025-06-26 18:58:14
Source Identifier
cve@rapid7.com
KEV Date Added
-
Kategoriler
Referanslar
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
https://github.com/sfewer-r7/BrotherVulnerabilities
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html
https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007
https://www.toshibatec.com/information/20250625_02.html
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf