{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T13:22:58.875","vulnerabilities":[{"cve":{"id":"CVE-2024-51977","sourceIdentifier":"cve@rapid7.com","published":"2025-06-25T08:15:30.053","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number."},{"lang":"es","value":"Un atacante no autenticado que pueda acceder al servicio HTTP (puerto TCP 80), al servicio HTTPS (puerto TCP 443) o al servicio IPP (puerto TCP 631) puede filtrar información confidencial de un dispositivo vulnerable. Se puede acceder a la ruta URI /etc/mnt_info.csv mediante una solicitud GET sin necesidad de autenticación. El resultado es una tabla de valores separados por comas (CSV). La información filtrada incluye el modelo del dispositivo, la versión de firmware, la dirección IP y el número de serie."}],"metrics":{"cvssMetricV31":[{"source":"cve@rapid7.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"cve@rapid7.com","type":"Secondary","description":[{"lang":"en","value":"CWE-538"}]}],"references":[{"url":"https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf","source":"cve@rapid7.com"},{"url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51977.yaml","source":"cve@rapid7.com"},{"url":"https://github.com/sfewer-r7/BrotherVulnerabilities","source":"cve@rapid7.com"},{"url":"https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000","source":"cve@rapid7.com"},{"url":"https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000","source":"cve@rapid7.com"},{"url":"https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000","source":"cve@rapid7.com"},{"url":"https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html","source":"cve@rapid7.com"},{"url":"https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf","source":"cve@rapid7.com"},{"url":"https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed","source":"cve@rapid7.com"},{"url":"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007","source":"cve@rapid7.com"},{"url":"https://www.toshibatec.com/information/20250625_02.html","source":"cve@rapid7.com"},{"url":"https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}