|
7186 | 7186 | "needs_cleanup": false,
|
7187 | 7187 | "actions": []
|
7188 | 7188 | },
|
| 7189 | + "auxiliary_admin/misc/brother_default_admin_auth_bypass_cve_2024_51978": { |
| 7190 | + "name": "Multiple Brother devices authentication bypass via default administrator password generation", |
| 7191 | + "fullname": "auxiliary/admin/misc/brother_default_admin_auth_bypass_cve_2024_51978", |
| 7192 | + "aliases": [], |
| 7193 | + "rank": 300, |
| 7194 | + "disclosure_date": "2025-06-25", |
| 7195 | + "type": "auxiliary", |
| 7196 | + "author": [ |
| 7197 | + "sfewer-r7" |
| 7198 | + ], |
| 7199 | + "description": "By leaking a target devices serial number, a remote attacker can generate the target devices default\n administrator password. The target device may leak its serial number via unauthenticated HTTP, HTTPS, IPP,\n SNMP, or PJL requests.", |
| 7200 | + "references": [ |
| 7201 | + "CVE-2024-51977", |
| 7202 | + "CVE-2024-51978", |
| 7203 | + "URL-https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000", |
| 7204 | + "URL-https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000", |
| 7205 | + "URL-https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000", |
| 7206 | + "URL-https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed", |
| 7207 | + "URL-https://github.com/sfewer-r7/BrotherVulnerabilities" |
| 7208 | + ], |
| 7209 | + "platform": "", |
| 7210 | + "arch": "", |
| 7211 | + "rport": 443, |
| 7212 | + "autofilter_ports": [ |
| 7213 | + 80, |
| 7214 | + 8080, |
| 7215 | + 443, |
| 7216 | + 8000, |
| 7217 | + 8888, |
| 7218 | + 8880, |
| 7219 | + 8008, |
| 7220 | + 3000, |
| 7221 | + 8443 |
| 7222 | + ], |
| 7223 | + "autofilter_services": [ |
| 7224 | + "http", |
| 7225 | + "https" |
| 7226 | + ], |
| 7227 | + "targets": null, |
| 7228 | + "mod_time": "2025-07-09 14:59:54 +0000", |
| 7229 | + "path": "/modules/auxiliary/admin/misc/brother_default_admin_auth_bypass_cve_2024_51978.rb", |
| 7230 | + "is_install_path": true, |
| 7231 | + "ref_name": "admin/misc/brother_default_admin_auth_bypass_cve_2024_51978", |
| 7232 | + "check": false, |
| 7233 | + "post_auth": false, |
| 7234 | + "default_credential": false, |
| 7235 | + "notes": { |
| 7236 | + "Stability": [ |
| 7237 | + "crash-safe" |
| 7238 | + ], |
| 7239 | + "SideEffects": [], |
| 7240 | + "Reliability": [] |
| 7241 | + }, |
| 7242 | + "session_types": false, |
| 7243 | + "needs_cleanup": false, |
| 7244 | + "actions": [] |
| 7245 | + }, |
7189 | 7246 | "auxiliary_admin/misc/sercomm_dump_config": {
|
7190 | 7247 | "name": "SerComm Device Configuration Dump",
|
7191 | 7248 | "fullname": "auxiliary/admin/misc/sercomm_dump_config",
|
|