← Back to CVEs
CVE-2024-51978
CRITICAL9.8
Description
An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published6/25/2025
Last Modified7/25/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-1391
References
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51978.yaml(cve@rapid7.com)
https://github.com/rapid7/metasploit-framework/pull/20349(cve@rapid7.com)
https://github.com/sfewer-r7/BrotherVulnerabilities(cve@rapid7.com)
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed(cve@rapid7.com)
https://www.toshibatec.com/information/20250625_02.html(cve@rapid7.com)
https://www.bleepingcomputer.com/news/security/brother-printer-bug-in-689-models-exposes-default-admin-passwords/(af854a3a-2127-422b-91ae-364da2661108)
https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug(af854a3a-2127-422b-91ae-364da2661108)
https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/(af854a3a-2127-422b-91ae-364da2661108)
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.