CVE-2024-51981

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
https://github.com/sfewer-r7/BrotherVulnerabilities
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html
https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007
https://www.toshibatec.com/information/20250625_02.html
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf

Configurations

No configuration.

History

26 Jun 2025, 18:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-25 08:15

Updated : 2025-06-26 18:58

NVD link : CVE-2024-51981

Mitre link : CVE-2024-51981

CVE.ORG link : CVE-2024-51981

JSON object : View

Products Affected

No product.

CWE

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2024-51981", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-06-25T08:15:32.293", "references": [{"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf", "source": "cve@rapid7.com"}, {"url": "https://github.com/sfewer-r7/BrotherVulnerabilities", "source": "cve@rapid7.com"}, {"url": "https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000", "source": "cve@rapid7.com"}, {"url": "https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000", "source": "cve@rapid7.com"}, {"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000", "source": "cve@rapid7.com"}, {"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html", "source": "cve@rapid7.com"}, {"url": "https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf", "source": "cve@rapid7.com"}, {"url": "https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed", "source": "cve@rapid7.com"}, {"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007", "source": "cve@rapid7.com"}, {"url": "https://www.toshibatec.com/information/20250625_02.html", "source": "cve@rapid7.com"}, {"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-93"}, {"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection."}, {"lang": "es", "value": "Un atacante no autenticado podr\u00eda realizar server-side request forgery (SSRF) ciega debido a un problema de inyecci\u00f3n de CLRF que puede aprovecharse para el contrabando de solicitudes HTTP. Esta SSRF utiliza la funci\u00f3n WS-Addressing utilizada durante una operaci\u00f3n SOAP de suscripci\u00f3n WS-Eventing. El atacante puede controlar todos los datos HTTP enviados en la conexi\u00f3n SSRF, pero no puede recibirlos de vuelta."}], "lastModified": "2025-06-26T18:58:14.280", "sourceIdentifier": "cve@rapid7.com"}