Detections
Analytics

CVE-2024-51977

medium

Description

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.

References

https://www.toshibatec.com/information/20250625_02.html

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007

https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf

https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html

https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000

https://github.com/sfewer-r7/BrotherVulnerabilities

https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf

Details

Source: Mitre, NVD

Published: 2025-06-25

Updated: 2025-06-26

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00078