HL-L8260CDN - Authentication Bypass (CVE-2024-51978)

CVE-2024-51978 is a critical vulnerability affecting a wide range of Brother, Toshiba Tec, and Konica Minolta printers and multifunction devices, where an unauthenticated attacker who knows the device's serial number can generate the default administrator password. By leveraging this flaw—potentially in combination with CVE-2024-51977 to obtain the serial number—attackers can gain full administrative access remotely, leading to complete compromise of the device, exposure of sensitive data, and the ability to alter device settings or disrupt operations. This vulnerability poses a significant risk for unauthorized control and lateral movement within enterprise networks.

CrowdSec has been tracking this vulnerability and its exploits since 5th of August 2025.

CrowdSec network data shows that most actors exploiting CVE-2024-51978 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2024-51978 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2024-51978 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit Brother printers by accessing /etc/mnt_info.csv or /general/status.html to leak the device's serial number and perform authentication bypass using a generated default admin password. These endpoints are targeted for unauthorized access and login attempts.