All the vulnerabilites related to Toshiba Tec Corporation - Multiple MFPs (multifunction printers)
cve-2024-34162
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 07:37
Severity ?
EPSS score ?
Summary
The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-767", "description": "Access to critical private variable via public method", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:57.671Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-34162", "datePublished": "2024-11-26T07:37:57.671Z", "dateReserved": "2024-05-22T09:00:13.769Z", "dateUpdated": "2024-11-26T07:37:57.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33616
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 07:37
Severity ?
EPSS score ?
Summary
Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Authentication bypass", "lang": "en-US", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:51.585Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-33616", "datePublished": "2024-11-26T07:37:51.585Z", "dateReserved": "2024-05-22T09:00:06.770Z", "dateUpdated": "2024-11-26T07:37:51.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36249
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 14:09
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36249", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:03:17.536595Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:09:24.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site scripting (XSS)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:18.359Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36249", "datePublished": "2024-11-26T07:38:18.359Z", "dateReserved": "2024-05-22T09:00:09.251Z", "dateUpdated": "2024-11-26T14:09:24.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36248
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 07:38
Severity ?
EPSS score ?
Summary
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "Use of hard-coded credentials", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:12.712Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36248", "datePublished": "2024-11-26T07:38:12.712Z", "dateReserved": "2024-05-22T09:00:17.964Z", "dateUpdated": "2024-11-26T07:38:12.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28955
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 14:09
Severity ?
EPSS score ?
Summary
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28955", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:03:35.804923Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:09:24.903Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "Incorrect permission assignment for critical resource", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:14.737Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-28955", "datePublished": "2024-11-26T07:37:14.737Z", "dateReserved": "2024-05-22T09:00:18.956Z", "dateUpdated": "2024-11-26T14:09:24.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36251
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 16:28
Severity ?
EPSS score ?
Summary
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m905", "vendor": "sharp", "versions": [ { "status": "affected", "version": "611" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m6070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m5070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m4070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m3570", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m3070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m6050", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m5050", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m4050", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m3550", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m3050", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m2630", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m6070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-b550wd", "vendor": "sharp", "versions": [ { "status": "affected", "version": "250" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-b540wr", "vendor": "sharp", "versions": [ { "status": "affected", "version": "250" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-b547wd", "vendor": "sharp", "versions": [ { "status": "affected", "version": "250" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-b537wr", "vendor": "sharp", "versions": [ { "status": "affected", "version": "250" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b455w", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b355w", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b455wz", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b355wz", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b455wt", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b355wt", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36251", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T16:19:13.648769Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T16:28:15.625Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds read", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:24.464Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36251", "datePublished": "2024-11-26T07:38:24.464Z", "dateReserved": "2024-05-22T09:00:10.181Z", "dateUpdated": "2024-11-26T16:28:15.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-29146
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 14:09
Severity ?
EPSS score ?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29146", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:03:29.416641Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:09:24.767Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-312", "description": "Cleartext storage of sensitive information", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:20.253Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-29146", "datePublished": "2024-11-26T07:37:20.253Z", "dateReserved": "2024-05-22T09:00:07.612Z", "dateUpdated": "2024-11-26T14:09:24.767Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28038
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 07:37
Severity ?
EPSS score ?
Summary
The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Stack-based buffer overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:06.324Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-28038", "datePublished": "2024-11-26T07:37:06.324Z", "dateReserved": "2024-05-22T09:00:14.691Z", "dateUpdated": "2024-11-26T07:37:06.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36254
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 14:48
Severity ?
EPSS score ?
Summary
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-90c70", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "200", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-90c80", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "200", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c65", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c55", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c45", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c36", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c31", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-60c45", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-60c36", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-60c31", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c65", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c55", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c45", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c36", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c31", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c26", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-55c26", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-8081", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "150", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-7081", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "150", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-6071", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-5071", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4071", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3571", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3071", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4061", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3561", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3061", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-6051", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-5051", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4051", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3551", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3051", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-2651", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-6071s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-5071s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4071s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3571s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3071s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4061s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3561s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3061s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-30c25", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-30c25y", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-30c25z", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-30c25t", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-7580n", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "502", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-6580n", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "502", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-8090n", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "404", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-7090n", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "404", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36254", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:24:25.876189Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:48:35.480Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds read", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:30.408Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36254", "datePublished": "2024-11-26T07:38:30.408Z", "dateReserved": "2024-05-22T09:00:17.089Z", "dateUpdated": "2024-11-26T14:48:35.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33605
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 10:58
Severity ?
EPSS score ?
Summary
Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T10:58:21.785Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-33605", "datePublished": "2024-11-26T07:37:38.329Z", "dateReserved": "2024-05-22T09:00:15.651Z", "dateUpdated": "2024-11-26T10:58:21.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33610
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 07:37
Severity ?
EPSS score ?
Summary
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "\"sessionlist.html\" and \"sys_trayentryreboot.html\" are accessible with no authentication. \"sessionlist.html\" provides logged-in users\u0027 session information including session cookies, and \"sys_trayentryreboot.html\" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-288", "description": "Authentication Bypass Using an Alternate Path or Channel", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:44.549Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-33610", "datePublished": "2024-11-26T07:37:44.549Z", "dateReserved": "2024-05-22T09:00:05.257Z", "dateUpdated": "2024-11-26T07:37:44.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-29978
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 07:37
Severity ?
EPSS score ?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-256", "description": "Plaintext storage of a password", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:27.029Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-29978", "datePublished": "2024-11-26T07:37:27.029Z", "dateReserved": "2024-05-22T09:00:12.924Z", "dateUpdated": "2024-11-26T07:37:27.029Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32151
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 14:09
Severity ?
EPSS score ?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-32151", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:03:23.265630Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:09:24.628Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-257", "description": "Storing passwords in a recoverable format", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T10:57:58.852Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-32151", "datePublished": "2024-11-26T07:37:32.412Z", "dateReserved": "2024-05-22T09:00:11.984Z", "dateUpdated": "2024-11-26T14:09:24.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35244
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 07:38
Severity ?
EPSS score ?
Summary
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "Use of hard-coded credentials", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:06.435Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-35244", "datePublished": "2024-11-26T07:38:06.435Z", "dateReserved": "2024-05-22T09:00:11.122Z", "dateUpdated": "2024-11-26T07:38:06.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }