fkie_cve-2024-51977
Vulnerability from fkie_nvd
Published
2025-06-25 08:15
Modified
2025-07-25 17:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.
References
cve@rapid7.comhttps://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
cve@rapid7.comhttps://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51977.yaml
cve@rapid7.comhttps://github.com/sfewer-r7/BrotherVulnerabilities
cve@rapid7.comhttps://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000
cve@rapid7.comhttps://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000
cve@rapid7.comhttps://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000
cve@rapid7.comhttps://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html
cve@rapid7.comhttps://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf
cve@rapid7.comhttps://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
cve@rapid7.comhttps://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007
cve@rapid7.comhttps://www.toshibatec.com/information/20250625_02.html
134c704f-9b21-4f2e-91b3-4a467353bcc0https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device\u2019s model, firmware version, IP address, and serial number."
    },
    {
      "lang": "es",
      "value": "Un atacante no autenticado que pueda acceder al servicio HTTP (puerto TCP 80), al servicio HTTPS (puerto TCP 443) o al servicio IPP (puerto TCP 631) puede filtrar informaci\u00f3n confidencial de un dispositivo vulnerable. Se puede acceder a la ruta URI /etc/mnt_info.csv mediante una solicitud GET sin necesidad de autenticaci\u00f3n. El resultado es una tabla de valores separados por comas (CSV). La informaci\u00f3n filtrada incluye el modelo del dispositivo, la versi\u00f3n de firmware, la direcci\u00f3n IP y el n\u00famero de serie."
    }
  ],
  "id": "CVE-2024-51977",
  "lastModified": "2025-07-25T17:15:29.617",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-25T08:15:30.053",
  "references": [
    {
      "source": "cve@rapid7.com",
      "url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51977.yaml"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://github.com/sfewer-r7/BrotherVulnerabilities"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faq00100846_000"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faq00100848_000"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faqp00100620_000"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.toshibatec.com/information/20250625_02.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-538"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.