vulnerability

Brother Printer: CVE-2024-51977: Insertion of Sensitive Information into Externally-Accessible File or Directory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Jun 25, 2025	Jun 25, 2025	Jun 25, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Jun 25, 2025

Added

Jun 25, 2025

Modified

Jun 25, 2025

Description

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.

Solution

brother-printers-update-latest

References

URL-https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/
CVE-2024-51977
https://attackerkb.com/topics/CVE-2024-51977

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today