Multiple Printer Devices Information Disclosure (CVE-2024-51977)

medium Nessus Plugin ID 241295

Synopsis

A printers web server is affected by an information disclosure vulnerability.

Description

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.

Solution

Upgrade the printer to the version specified in the vendor advisory.

See Also

http://www.nessus.org/u?c623e95a

http://www.nessus.org/u?cad4508b

Plugin Details

Severity: Medium

ID: 241295

File Name: printer_cve-2024-51977.nbin

Version: 1.3

Type: remote

Family: CGI abuses

Published: 7/3/2025

Updated: 7/14/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2024-51977

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: x-cpe:/o:brother:firmware

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/25/2025

Vulnerability Publication Date: 6/25/2025

Reference Information

CVE: CVE-2024-51977

IAVA: 2025-A-0458