CVE-2024-51977: Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.
Published Jun 25, 2025
·Updated
An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.
Affected Software
5 affected components
Brother Industries Brother networked printers
FUJIFILM Business Innovation FUJIFILM Business Innovation networked printers
Ricoh Ricoh networked printers
Toshiba Tec Toshiba Tec networked printers
Konica Minolta Konica Minolta networked printers
Event History
Jun 25, 2025
CVE Published
via MITRE·07:15 AM
Data Sourced
via MITRE·07:15 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·08:15 AM
DescriptionSeverityWeakness
Jun 26, 2025
News Published
via BleepingComputer·06:10 PM
News Published
via BleepingComputer·06:11 PM
Jun 30, 2025
News Published
via ZDNet·03:52 PM
News Published
via ZDNet·03:56 PM
News Published
via ZDNet·04:35 PM
Jul 3, 2025
News Published
via ZDNet·10:30 AM