CVE-2024-51978

high-risk

Published 2025-06-25

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.

Do I need to act?

48.3% chance of exploitation in next 30 days

EPSS score — higher than 52% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

References (14)

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f...

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CV...

https://github.com/rapid7/metasploit-framework/pull/20349

https://github.com/sfewer-r7/BrotherVulnerabilities

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000

https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000

https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf

https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabiliti...

https://www.toshibatec.com/information/20250625_02.html

https://www.bleepingcomputer.com/news/security/brother-printer-bug-in-689-models...

https://www.darkreading.com/endpoint-security/millions-brother-printers-critical...

https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-prin...

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 18/34 · Moderate

Exposure 5/34 · Minimal