Brother, FUJIFILM, RICOH, Toshiba Tec, Konica Minolta Printers - Information Disclosure (CVE-2024-51977)

A vulnerability in a wide range of Brother, FUJIFILM, RICOH, Toshiba Tec, and Konica Minolta printers and multifunction devices allows unauthenticated attackers to access sensitive device information—including model, firmware version, IP address, and serial number—by sending a simple GET request to the /etc/mnt_info.csv path over HTTP, HTTPS, or IPP. This information disclosure could be leveraged by attackers for reconnaissance, targeted attacks, or to facilitate further exploitation of the affected devices within a network. CrowdSec has been tracking this vulnerabily and its exploits since 4th of July 2025. According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2024-51977 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2024-51977 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2024-51977 is currently experiencing high visibility and active exploitation across the internet. Attackers exploit this vulnerability by sending unauthenticated GET requests to /etc/mnt_info.csv, exposing sensitive device information such as model, firmware version, IP address, and serial number.