Description

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default administrator password. This flaw is similar to CVE-2024-51977, with the only difference being the protocol by which an attacker can use to learn the remote device's serial number. The eSCL/uscan vector is typically only exposed on the local network. Any discovery service that implements the eSCL specification can be used to exploit this vulnerability, and one such implementation is the runZero Explorer. Changing the default administrator password will render this vulnerability virtually worthless, since the calculated default administrator password would no longer be the correct password.

INFO

Published Date :

2025-08-12T15:23:00.577Z

Last Modified :

2025-10-08T13:39:35.427Z

Source :

AHA
AFFECTED PRODUCTS

The following products are affected by CVE-2025-8452 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-8452.

URL Resource
https://help.runzero.com/docs/installing-an-explorer/ cve-icon cve-icon
https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100851_000 cve-icon cve-icon
https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111011111010111111001000000000000000000000000000000000000000000000000000000001 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-51977 cve-icon cve-icon
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact