CVE-2024-51977 in Printerinfo

Summary

by MITRE • 06/25/2025

An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma separated value (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/25/2025

This vulnerability represents a critical information disclosure flaw affecting networked devices that expose HTTP, HTTPS, or IPP services on standard ports. The issue stems from improper access control mechanisms that allow any unauthenticated user to retrieve sensitive system information through a simple GET request to the /etc/mnt_info.csv endpoint. The vulnerability is particularly concerning as it exposes fundamental device metadata including model identifiers, firmware versions, IP addresses, and serial numbers without requiring any authentication credentials. This type of information leakage directly aligns with CWE-200, which addresses improper exposure of sensitive information, and falls under the broader category of information disclosure vulnerabilities that can significantly aid attackers in reconnaissance activities.

The technical implementation of this flaw demonstrates a failure in access control enforcement at the application layer where the device's web service does not properly validate incoming requests or enforce authentication requirements for sensitive data endpoints. The CSV format of the returned data suggests that the device maintains structured system information in a readable format that can be easily parsed by attackers. The exposure of IP addresses provides network topology information, while firmware versions reveal potential attack surface areas for exploitation. Serial numbers and model information can be used for device-specific attacks or to correlate with known vulnerabilities associated with particular device models and firmware versions.

The operational impact of this vulnerability extends beyond simple information disclosure as it significantly weakens the security posture of affected devices by providing attackers with essential reconnaissance data. Network administrators and security teams lose the ability to maintain operational security since device identifiers and configuration details become publicly accessible. This information can be leveraged for targeted attacks, including exploiting known vulnerabilities specific to certain firmware versions, conducting device-specific phishing campaigns, or mapping network infrastructure to plan more sophisticated attacks. The lack of authentication requirements means that this vulnerability can be exploited by anyone with network access to the affected ports, making it particularly dangerous in environments where these services are exposed to untrusted networks.

Mitigation strategies should focus on implementing proper access controls and authentication mechanisms for all sensitive endpoints. Organizations should immediately disable or restrict access to the affected services until proper authentication is enforced, while also considering network segmentation to limit exposure to unauthorized users. The implementation of web application firewalls and access control lists can help prevent unauthorized access to sensitive endpoints. Security configurations should be reviewed to ensure that system information is not exposed through simple GET requests, and that proper authentication mechanisms are enforced for all administrative and sensitive data access points. This vulnerability also highlights the importance of regular security assessments and penetration testing to identify similar information disclosure issues in network services. The ATT&CK framework categorizes this as a reconnaissance technique under T1592, where adversaries gather information about the target environment to plan subsequent attacks, making it a critical vulnerability to address promptly to prevent potential exploitation.

Responsible

Rapid7

Reservation

11/04/2024

Disclosure

06/25/2025

Moderation

accepted

CPE

ready

EPSS

0.77472

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!