ByteOS Network

NVD Vulnerability Details :

CVE-2025-8452

Awaiting Analysis

Source-cve@takeonme.org

Published At-12 Aug, 2025 | 16:15

Updated At-15 Aug, 2025 | 06:15

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default administrator password. This flaw is similar to CVE-2024-51977, with the only difference being the protocol by which an attacker can use to learn the remote device's serial number. The eSCL/uscan vector is typically only exposed on the local network. Any discovery service that implements the eSCL specification can be used to exploit this vulnerability, and one such implementation is the runZero Explorer. Changing the default administrator password will render this vulnerability virtually worthless, since the calculated default administrator password would no longer be the correct password.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-538	Secondary	cve@takeonme.org

References

Hyperlink	Source	Resource
https://help.runzero.com/docs/installing-an-explorer/	cve@takeonme.org	N/A
https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100851_000	cve@takeonme.org	N/A
https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111011111010111111001000000000000000000000000000000000000000000000000000000001	cve@takeonme.org	N/A
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/	cve@takeonme.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History