CVE-2024-51983 in Printerinfo

Summary

by MITRE • 06/25/2025

An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 06/25/2025

This vulnerability represents a critical denial of service weakness in web services implementations that lack proper authentication mechanisms and input validation. The flaw exists within the WS-Scan SOAP request processing functionality where the system fails to validate the JobToken parameter before proceeding with device operations. When an unauthenticated attacker submits a malformed JobToken value through the HTTP port 80 interface, the system experiences a crash condition that results in complete device reboot. This represents a classic example of insufficient input validation and lack of proper access controls that allows arbitrary users to disrupt service availability. The vulnerability directly maps to CWE-20, which describes improper input validation, and CWE-305, which covers authentication bypass issues. The device's failure to properly handle unexpected input values creates a condition where a simple HTTP request can trigger a system-wide crash event.

The operational impact of this vulnerability extends beyond simple service disruption as it enables persistent denial of service attacks through repeated exploitation. Once the initial crash occurs, the attacker can immediately reissue the same command to restart the cycle, creating a continuous disruption pattern that can effectively render the device unusable for legitimate users. This type of vulnerability allows for what security professionals classify as a persistent availability attack, which can be particularly damaging in environments where continuous operation is critical. The fact that this occurs through an unauthenticated interface makes it especially dangerous as it requires no prior credentials or privileged access to execute the attack. The vulnerability demonstrates poor defensive programming practices where the system does not implement proper error handling or input sanitization mechanisms that would prevent malformed data from causing system instability.

The technical exploitation of this vulnerability follows established patterns described in the attack framework, particularly aligning with techniques that leverage weak authentication controls and insufficient error handling. The attacker need only connect to TCP port 80 and submit a specially crafted SOAP request to trigger the vulnerability. This represents a low-effort, high-impact attack vector that can be automated and executed by adversaries with minimal technical skill. The device's response to the malformed JobToken value indicates a lack of proper exception handling and memory management practices that should be standard in robust software implementations. From an attack perspective, this vulnerability fits within the broader category of resource exhaustion and system stability attacks that can be classified under the MITRE ATT&CK framework's privilege escalation and denial of service techniques. Organizations should implement immediate mitigations including firewall rules to restrict access to the web services port, proper input validation at the application layer, and enhanced monitoring for suspicious SOAP request patterns that could indicate exploitation attempts.

Responsible

Rapid7

Reservation

11/04/2024

Disclosure

06/25/2025

Moderation

accepted

CPE

ready

EPSS

0.07833

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!