AI description
CVE-2024-51977 is a vulnerability that allows an unauthenticated attacker to access sensitive information on affected devices. By sending a simple GET request to the URI path `/etc/mnt_info.csv` via the HTTP, HTTPS, or IPP services, an attacker can retrieve a CSV file containing the device's model, firmware version, IP address, and serial number. This information leak can then be used in conjunction with another vulnerability, CVE-2024-51978, to generate the default administrator password for the device if it hasn't been changed from the default. This is because the default password is created using the device's serial number during manufacturing.
- Description: An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path `/etc/mnt_info.csv` can be accessed via a GET request and no authentication is required. The returned result is a comma-separated value (CSV) table of information. The leaked information includes the device's model, firmware version, IP address, and serial number.
- Source: cve@rapid7.com
- NVD status: Deferred
CVSS 3.1
- Type: Secondary
- Base score: 5.3
- Impact score: 1.4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
- cve@rapid7.com: CWE-538
- Hype score: Not currently trending
(🧵Thread) CVE-2024-51977: The New Vulnerability Turning over 750 Printer Models Into Botnets The CrowdSec Network has detected a wave of exploitation attempts targeting CVE-2024-51977, affecting over 750 different printers from brands such as Brother, FUJIFILM, and Toshiba. h
@Crowd_Security
21 Jul 2025
371 Impressions
2 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 CVE-2024-51977 - medium 🚨 Brother Printers – Information Disclosure > An unauthenticated attacker who can access either the HTTP service (TCP port 80), the... 👾 https://t.co/FCnnmMPZ5e @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
28 Jun 2025
284 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Our @metasploit auxiliary module for the new Brother auth bypass is available. The module will leak a serial number via HTTP/HTTPS/IPP (CVE-2024-51977), SNMP, or PJL, generate the device's default admin password (CVE-2024-51978) and then validate the creds: https://t.co/3uJG56aMx9
@stephenfewer
25 Jun 2025
3964 Impressions
32 Retweets
76 Likes
20 Bookmarks
1 Reply
0 Quotes
CVE-2024-51977 An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak severa… https://t.co/DAqJEdYHrJ
@CVEnew
25 Jun 2025
213 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes