Brother, FUJIFILM, RICOH, Toshiba Tec, Konica Minolta Printers - Information Disclosure (CVE-2024-51977)

CVE-2024-51977 is a vulnerability in a wide range of Brother, FUJIFILM, RICOH, Toshiba Tec, and Konica Minolta printers and multifunction devices allows unauthenticated attackers to access sensitive device information—including model, firmware version, IP address, and serial number—by sending a simple GET request to the /etc/mnt_info.csv path over HTTP, HTTPS, or IPP. This information disclosure could be leveraged by attackers for reconnaissance, targeted attacks, or to facilitate further exploitation of the affected devices within a network.

CrowdSec has been tracking this vulnerability and its exploits since 4th of July 2025.

CrowdSec network data shows that most actors exploiting CVE-2024-51977 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2024-51977 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2024-51977 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit this vulnerability by sending unauthenticated GET requests to /etc/mnt_info.csv, exposing sensitive device information such as model, firmware version, IP address, and serial number.