CVE-2024-51978

9.8 CRITICAL

Published: June 25, 2025 Modified: April 15, 2026

Description

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf

Source: cve@rapid7.com

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51978.yaml

Source: cve@rapid7.com

https://github.com/rapid7/metasploit-framework/pull/20349

Source: cve@rapid7.com

https://github.com/sfewer-r7/BrotherVulnerabilities

Source: cve@rapid7.com

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000

Source: cve@rapid7.com

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000

Source: cve@rapid7.com

https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000

Source: cve@rapid7.com

https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf

Source: cve@rapid7.com

https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed

Source: cve@rapid7.com

https://www.toshibatec.com/information/20250625_02.html

Source: cve@rapid7.com

https://www.bleepingcomputer.com/news/security/brother-printer-bug-in-689-models-exposes-default-admin-passwords/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/

Source: af854a3a-2127-422b-91ae-364da2661108

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

14 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.8 / 10.0

EPSS (Exploit Probability)

48.3%

98th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-1391

Related CVEs

CVE-2026-6569 7.3

CVE-2026-6568 7.3

CVE-2026-6564 4.3

CVE-2026-6563 8.8

CVE-2026-6562 7.3