← Zuruck zu CVEs
CVE-2024-51978
CRITICAL9.8
Beschreibung
An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht6/25/2025
Zuletzt geandert7/25/2025
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-1391
Referenzen
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51978.yaml(cve@rapid7.com)
https://github.com/rapid7/metasploit-framework/pull/20349(cve@rapid7.com)
https://github.com/sfewer-r7/BrotherVulnerabilities(cve@rapid7.com)
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed(cve@rapid7.com)
https://www.toshibatec.com/information/20250625_02.html(cve@rapid7.com)
https://www.bleepingcomputer.com/news/security/brother-printer-bug-in-689-models-exposes-default-admin-passwords/(af854a3a-2127-422b-91ae-364da2661108)
https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug(af854a3a-2127-422b-91ae-364da2661108)
https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/(af854a3a-2127-422b-91ae-364da2661108)
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.