What is CVE-2024-51977?

CVE-2024-51977 is a medium-severity vulnerability in Brother Industries, Ltd Dcp-1610w, classified under Insertion of Sensitive Information into Externally-Accessible File or Directory. CVSS score: 5.3/10. Published 2025-06-25.

How severe is CVE-2024-51977?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-51977 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Brother Industries, Ltd Dcp-1610w

CVE-2024-51977

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path…

EPSS: 0.766 (99.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Brother Industries, Ltd Dcp-1610w — versions 0
Brother Industries, Ltd Dcp-1610we — versions 0
Brother Industries, Ltd Dcp-1610wr — versions 0
Brother Industries, Ltd Dcp-1612w — versions 0
Brother Industries, Ltd Dcp-1612we — versions 0
Brother Industries, Ltd Dcp-1612wr — versions 0
Brother Industries, Ltd Dcp-1615nw — versions 0
Brother Industries, Ltd Dcp-1616nw — versions 0
Brother Industries, Ltd Dcp-1617nw — versions 0
Brother Industries, Ltd Dcp-1618w — versions 0

Weakness classification (CWE)

CWE-538 — Insertion of Sensitive Information into Externally-Accessible File or Directory

Public proof-of-concept exploits

References

www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed (third-party-advisory)
assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa9… (technical-description)
github.com/sfewer-r7/BrotherVulnerabilities (exploit)
github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-… (exploit)
support.brother.com/g/b/link.aspx (vendor-advisory)
support.brother.com/g/b/link.aspx (vendor-advisory)
support.brother.com/g/b/link.aspx (vendor-advisory)
www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html (vendor-advisory)
www.ricoh.com/products/security/vulnerabilities/vul (vendor-advisory)
www.toshibatec.com/information/20250625_02.html (vendor-advisory)

Frequently asked questions

What is CVE-2024-51977?: CVE-2024-51977 is a medium-severity vulnerability in Brother Industries, Ltd Dcp-1610w, classified under Insertion of Sensitive Information into Externally-Accessible File or Directory. CVSS score: 5.3/10. Published 2025-06-25.
How severe is CVE-2024-51977?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-51977 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.