CVE-2024-51977 Scanner

Brother Printers are widely used in various settings such as offices, homes, and educational institutions for printing, scanning, and copying documents. These devices are favored for their reliability and quality performance in handling a large volume of print jobs. They are network-capable, allowing multiple users to connect and use them simultaneously over a local network. Brother Printers also offer remote printing capabilities, providing versatility in how users can manage their printing tasks. With different models covering a range of features, they cater to diverse user needs, from basic printing to advanced document handling. They're designed to integrate seamlessly into existing IT infrastructures, ensuring ease of use and efficiency.

The Information Disclosure vulnerability allows unauthorized attackers to retrieve sensitive information from Brother Printers. Exploiting this vulnerability does not require authentication, and sensitive data such as the device's model, firmware version, IP address, and serial number can be accessed. This vulnerability is present because certain files are accessible via HTTP, HTTPS, or IPP services. Incorrectly configured permissions allow these sensitive files to be retrieved. This kind of exposure poses a threat to organizational security by potentially providing an attacker with vital network and device information.

To exploit this Information Disclosure vulnerability, attackers only need to access the vulnerable URI path /etc/mnt_info.csv. Through a simple GET request to this endpoint, the attacker can retrieve a CSV file containing sensitive information about the Brother Printer device. The information extracted includes the model name, firmware version, and more, segmented in a comma-separated format. The vulnerability arises from inadequate access restrictions on certain paths within the printer's web interface, leading to these unintended disclosures.

If exploited, the vulnerability can lead to various security concerns, primarily through the leakage of sensitive information. With access to model and firmware details, attackers could tailor further attacks targeting specific weaknesses in the known firmware versions. Exposure of IP addresses facilitates network scanning and could further expose the network to additional vulnerabilities. In extreme cases, this information could be used to execute social engineering attacks or prepare for more sophisticated exploits targeting network settings or connected users. Overall, this vulnerability risks compromising the integrity of network environments where Brother Printers are deployed.

REFERENCES

• https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
• https://github.com/sfewer-r7/BrotherVulnerabilities
• https://support.brother.com/g/b/faqend.aspx?c=eu_ot&lang=en&prod=group2&faqid=faq00100846_000