CVE-2024-51977

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-51977
An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51977.yaml
https://github.com/sfewer-r7/BrotherVulnerabilities
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html
https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007
https://www.toshibatec.com/information/20250625_02.html
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
Configurations

No configuration.

History

25 Jul 2025, 17:15

Type Values Removed Values Added
References
  • () https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51977.yaml -

26 Jun 2025, 18:58

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-25 08:15

Updated : 2025-07-25 17:15

NVD link : CVE-2024-51977

Mitre link : CVE-2024-51977

CVE.ORG link : CVE-2024-51977

JSON object : View

Products Affected

No product.

CWE
CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory