HackTesting

CVE-2024-51978

An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, via a PJL request, or via an SNMP request.

Credits

Stephen Fewer, Principal Security Researcher at Rapid7

References

https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
https://github.com/rapid7/metasploit-framework/pull/20349
https://github.com/sfewer-r7/BrotherVulnerabilities
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51978.yaml
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000
https://www.toshibatec.com/information/20250625_02.html
https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf

Published: Jun 25, 2025 07:17:32 UTC
Updated: Mar 30, 2026 18:04:21 UTC
Reserved: Nov 4, 2024 17:19:18 UTC