Medium severity5.3NVD Advisory· Published Jun 25, 2025· Updated Apr 15, 2026
CVE-2024-51977
CVE-2024-51977
Description
An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdfnvd
- github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51977.yamlnvd
- support.brother.com/g/b/link.aspxnvd
- support.brother.com/g/b/link.aspxnvd
- support.brother.com/g/b/link.aspxnvd
- www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.htmlnvd
- www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdfnvd
- www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixednvd
- www.ricoh.com/products/security/vulnerabilities/vulnvd
- www.toshibatec.com/information/20250625_02.htmlnvd
News mentions
0No linked articles in our index yet.