CVE-2024-51978

critical

Description

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.

References

https://www.toshibatec.com/information/20250625_02.html

https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf

https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000

https://github.com/sfewer-r7/BrotherVulnerabilities

https://github.com/rapid7/metasploit-framework/pull/20349

https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf

Details

Source: Mitre, NVD

Published: 2025-06-25

Updated: 2025-06-26

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00072