Search criteria
41 vulnerabilities by Sharp Corporation
CVE-2024-54082 (GCVE-0-2024-54082)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:32:44.201878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:24.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:12.865Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-54082",
"datePublished": "2024-12-23T00:18:12.865Z",
"dateReserved": "2024-12-02T06:03:35.297Z",
"dateUpdated": "2024-12-24T00:39:24.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52321 (GCVE-0-2024-52321)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker.
Severity ?
5.9 (Medium)
CWE
- CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:31:17.038246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:30.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-05L",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.C0 and earlier"
}
]
},
{
"product": "PocketWifi 809SH",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.B9 and earlier"
}
]
},
{
"product": "Speed Wi-Fi NEXT W07",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "02.00.48 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product\u0027s backup files containing sensitive information may be retrieved by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of sensitive system information to an unauthorized control sphere",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:08.358Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-52321",
"datePublished": "2024-12-23T00:18:08.358Z",
"dateReserved": "2024-12-02T06:03:32.297Z",
"dateUpdated": "2024-12-24T00:39:30.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47864 (GCVE-0-2024-47864)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:35:27.338755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:37.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:03.318Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47864",
"datePublished": "2024-12-23T00:18:03.318Z",
"dateReserved": "2024-12-02T06:03:34.435Z",
"dateUpdated": "2024-12-24T00:39:37.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46873 (GCVE-0-2024-46873)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:17 – Updated: 2024-12-24 00:39
VLAI?
Summary
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.
Severity ?
9.8 (Critical)
CWE
- CWE-489 - Active debug code
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:35:52.238750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:44.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-05L",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.C0 and earlier"
}
]
},
{
"product": "PocketWifi 809SH",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.B9 and earlier"
}
]
},
{
"product": "Speed Wi-Fi NEXT W07",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "02.00.48 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "Active debug code",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:17:59.216Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-46873",
"datePublished": "2024-12-23T00:17:59.216Z",
"dateReserved": "2024-12-02T06:03:30.029Z",
"dateUpdated": "2024-12-24T00:39:44.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45721 (GCVE-0-2024-45721)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:17 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:32:46.849402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:52.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:17:55.581Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45721",
"datePublished": "2024-12-23T00:17:55.581Z",
"dateReserved": "2024-12-02T06:03:33.501Z",
"dateUpdated": "2024-12-24T00:39:52.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36254 (GCVE-0-2024-36254)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:48
VLAI?
Summary
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c70",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c80",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c65",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c55",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c65",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c55",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c26",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-55c26",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8081",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "150",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7081",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "150",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3571",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4061",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3561",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3061",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3551",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-2651",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3571s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4061s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3561s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3061s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25y",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25z",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25t",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7580n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "502",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6580n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "502",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8090n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7090n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:24:25.876189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:48:35.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:30.408Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36254",
"datePublished": "2024-11-26T07:38:30.408Z",
"dateReserved": "2024-05-22T09:00:17.089Z",
"dateUpdated": "2024-11-26T14:48:35.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36251 (GCVE-0-2024-36251)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
VLAI?
Summary
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m905",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "611"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m5070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m4070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3570",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m5050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m4050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3550",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m2630",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b550wd",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b540wr",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b547wd",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b537wr",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455w",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355w",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wz",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355wz",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wt",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355wt",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36251",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:19:13.648769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:28:15.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:07.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:24.464Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36251",
"datePublished": "2024-11-26T07:38:24.464Z",
"dateReserved": "2024-05-22T09:00:10.181Z",
"dateUpdated": "2025-11-04T17:21:07.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36249 (GCVE-0-2024-36249)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:09
VLAI?
Summary
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
7.4 (High)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:03:17.536595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:24.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:18.359Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36249",
"datePublished": "2024-11-26T07:38:18.359Z",
"dateReserved": "2024-05-22T09:00:09.251Z",
"dateUpdated": "2024-11-26T14:09:24.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36248 (GCVE-0-2024-36248)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
VLAI?
Summary
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
9.1 (Critical)
CWE
- CWE-798 - Use of hard-coded credentials
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T16:20:15.617804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:13:00.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:06.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:12.712Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36248",
"datePublished": "2024-11-26T07:38:12.712Z",
"dateReserved": "2024-05-22T09:00:17.964Z",
"dateUpdated": "2025-11-04T17:21:06.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35244 (GCVE-0-2024-35244)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:20
VLAI?
Summary
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
9.1 (Critical)
CWE
- CWE-798 - Use of hard-coded credentials
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:01:16.162778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:13:00.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:50.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:06.435Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-35244",
"datePublished": "2024-11-26T07:38:06.435Z",
"dateReserved": "2024-05-22T09:00:11.122Z",
"dateUpdated": "2025-11-04T17:20:50.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34162 (GCVE-0-2024-34162)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
VLAI?
Summary
The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
5.3 (Medium)
CWE
- CWE-767 - Access to critical private variable via public method
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T22:10:05.375457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T15:43:40.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:30.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-767",
"description": "Access to critical private variable via public method",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:37:57.671Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-34162",
"datePublished": "2024-11-26T07:37:57.671Z",
"dateReserved": "2024-05-22T09:00:13.769Z",
"dateUpdated": "2025-11-04T17:20:30.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33616 (GCVE-0-2024-33616)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
VLAI?
Summary
Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
5.3 (Medium)
CWE
- Authentication bypass
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T22:10:06.870573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T15:43:11.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:24.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:37:51.585Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-33616",
"datePublished": "2024-11-26T07:37:51.585Z",
"dateReserved": "2024-05-22T09:00:06.770Z",
"dateUpdated": "2025-11-04T17:20:24.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33610 (GCVE-0-2024-33610)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
VLAI?
Summary
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
9.1 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T22:10:22.048882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T14:58:18.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:23.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\"sessionlist.html\" and \"sys_trayentryreboot.html\" are accessible with no authentication. \"sessionlist.html\" provides logged-in users\u0027 session information including session cookies, and \"sys_trayentryreboot.html\" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:37:44.549Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-33610",
"datePublished": "2024-11-26T07:37:44.549Z",
"dateReserved": "2024-05-22T09:00:05.257Z",
"dateUpdated": "2025-11-04T17:20:23.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-33605 (GCVE-0-2024-33605)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
VLAI?
Summary
Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T22:10:08.649799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T15:43:57.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:21.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T10:58:21.785Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-33605",
"datePublished": "2024-11-26T07:37:38.329Z",
"dateReserved": "2024-05-22T09:00:15.651Z",
"dateUpdated": "2025-11-04T17:20:21.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32151 (GCVE-0-2024-32151)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
VLAI?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
5.9 (Medium)
CWE
- CWE-257 - Storing passwords in a recoverable format
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:03:23.265630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:24.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:16.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Storing passwords in a recoverable format",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T10:57:58.852Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-32151",
"datePublished": "2024-11-26T07:37:32.412Z",
"dateReserved": "2024-05-22T09:00:11.984Z",
"dateUpdated": "2025-11-04T17:20:16.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29978 (GCVE-0-2024-29978)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
VLAI?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
5.9 (Medium)
CWE
- CWE-256 - Plaintext storage of a password
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T17:36:38.117189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:36:49.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:54.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "Plaintext storage of a password",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:37:27.029Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-29978",
"datePublished": "2024-11-26T07:37:27.029Z",
"dateReserved": "2024-05-22T09:00:12.924Z",
"dateUpdated": "2025-11-04T17:19:54.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29146 (GCVE-0-2024-29146)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
VLAI?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
5.9 (Medium)
CWE
- CWE-312 - Cleartext storage of sensitive information
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:03:29.416641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:24.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:53.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext storage of sensitive information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:37:20.253Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-29146",
"datePublished": "2024-11-26T07:37:20.253Z",
"dateReserved": "2024-05-22T09:00:07.612Z",
"dateUpdated": "2025-11-04T17:19:53.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28955 (GCVE-0-2024-28955)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
VLAI?
Summary
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
5.9 (Medium)
CWE
- CWE-732 - Incorrect permission assignment for critical resource
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:03:35.804923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:24.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:40.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect permission assignment for critical resource",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:37:14.737Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-28955",
"datePublished": "2024-11-26T07:37:14.737Z",
"dateReserved": "2024-05-22T09:00:18.956Z",
"dateUpdated": "2025-11-04T17:19:40.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28038 (GCVE-0-2024-28038)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
VLAI?
Summary
The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
9 (Critical)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T22:09:23.255878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T14:57:54.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:37.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:37:06.324Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-28038",
"datePublished": "2024-11-26T07:37:06.324Z",
"dateReserved": "2024-05-22T09:00:14.691Z",
"dateUpdated": "2025-11-04T17:19:37.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-48870 (GCVE-0-2024-48870)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-10-25 14:15
VLAI?
Summary
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability.
If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.
Severity ?
6.2 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Toshiba Tec Corporation | e-STUDIO 908 |
Affected:
T2.12.h3.00 and earlier versions
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:15:05.890283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:15:16.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability.\r\nIf crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:02:25.999Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-48870",
"datePublished": "2024-10-25T06:18:57.297Z",
"dateReserved": "2024-10-16T05:26:39.202Z",
"dateUpdated": "2024-10-25T14:15:16.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47801 (GCVE-0-2024-47801)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-10-25 14:16
VLAI?
Summary
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability.
Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
Severity ?
7.4 (High)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Sharp Digital Full-color MFPs and Monochrome MFPs |
Affected:
see the information provided by Sharp Corporation
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:16:37.011885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:16:46.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation"
}
]
},
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability.\r\nAccessing a crafted URL which points to an affected product may cause malicious script executed on the web browser."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:02:20.957Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47801",
"datePublished": "2024-10-25T06:18:50.793Z",
"dateReserved": "2024-10-16T05:26:34.127Z",
"dateUpdated": "2024-10-25T14:16:46.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47549 (GCVE-0-2024-47549)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-10-25 18:32
VLAI?
Summary
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers.
Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
Severity ?
7.4 (High)
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Sharp Digital Full-color MFPs and Monochrome MFPs |
Affected:
see the information provided by Sharp Corporation
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:32:15.403947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:32:25.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation"
}
]
},
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers.\r\nAccessing a crafted URL which points to an affected product may cause malicious script executed on the web browser."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:02:15.707Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47549",
"datePublished": "2024-10-25T06:18:42.287Z",
"dateReserved": "2024-10-16T05:26:38.340Z",
"dateUpdated": "2024-10-25T18:32:25.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47406 (GCVE-0-2024-47406)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-10-25 18:38
VLAI?
Summary
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.
Severity ?
9.1 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Sharp Digital Full-color MFPs and Monochrome MFPs |
Affected:
see the information provided by Sharp Corporation
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sharp:bp-90c70_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-90c80_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c80_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "210",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c65_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-55c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7081_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8081_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8081_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "160",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b356w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b356wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b476wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m905_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m905_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "613",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30c25t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25y_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25z_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "130",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-6580n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-7580n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7580n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7090n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8090n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8090n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2630n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6070v_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "802",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-c533wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c533wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c542wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c545wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-c545wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-c303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-c304wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "520",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-70m75_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m90_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m90_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50m26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m50_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m1056_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m1206_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m1206_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m6570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m7570_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m7570_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "456",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30m28_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m28t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35t_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30m35t_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "220",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m3550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-b537wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b540wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b547wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b550wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b550wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "260",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b355w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wz_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wz_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wz_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-908_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-908_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t2.12.h3.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1058_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1058_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1208_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:33:07.833042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:38:24.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation"
}
]
},
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:02:10.791Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47406",
"datePublished": "2024-10-25T06:18:36.274Z",
"dateReserved": "2024-10-16T05:26:40.226Z",
"dateUpdated": "2024-10-25T18:38:24.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47005 (GCVE-0-2024-47005)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-10-25 18:38
VLAI?
Summary
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted.
A non-administrative user may execute some configuration APIs.
Severity ?
8.1 (High)
CWE
- CWE-749 - Exposed dangerous method or function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Sharp Digital Full-color MFPs and Monochrome MFPs |
Affected:
see the information provided by Sharp Corporation
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1058_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1058_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-90c70_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-90c80_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c80_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "210",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c65_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-55c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7081_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8081_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8081_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "160",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "613",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30c25t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25y_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25z_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "130",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-6580n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-7580n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7580n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7090n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8090n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8090n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2630n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6070v_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "802",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1208_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-c533wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c533wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c542wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c545wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-c545wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-c303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-c304wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "520",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-70m75_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m90_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m90_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50m26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m50_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m1056_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m1206_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m1206_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m6570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m7570_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m7570_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "456",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30m28_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m28t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35t_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30m35t_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "220",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b356w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b356wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b476wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m905_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m905_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m3550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-b537wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b540wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b547wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b550wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b550wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "260",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b355w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wz_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wz_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wz_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-908_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-908_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t2.12.h3.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:33:28.662590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:38:02.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation"
}
]
},
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted.\r\nA non-administrative user may execute some configuration APIs."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "Exposed dangerous method or function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:02:05.781Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47005",
"datePublished": "2024-10-25T06:18:30.415Z",
"dateReserved": "2024-10-16T05:26:37.236Z",
"dateUpdated": "2024-10-25T18:38:02.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45842 (GCVE-0-2024-45842)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-12-03 17:11
VLAI?
Summary
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability.
Unintended internal files may be retrieved when processing crafted HTTP requests.
Severity ?
5.3 (Medium)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Sharp Digital Full-color MFPs and Monochrome MFPs |
Affected:
see the information provided by Sharp Corporation
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1058_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1058_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-90c70_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-90c80_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c80_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "210",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c65_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-55c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7081_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8081_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8081_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "160",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "613",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30c25t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25y_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25z_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "130",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-6580n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-7580n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7580n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7090n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8090n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8090n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2630n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6070v_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "802",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1208_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-c533wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c533wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c542wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c545wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-c545wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-c303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-c304wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "520",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-70m75_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m90_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m90_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50m26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m50_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m1056_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m1206_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m1206_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m6570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m7570_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m7570_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "456",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30m28_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m28t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35t_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30m35t_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "220",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b356w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b356wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b476wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m905_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m905_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m3550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-b537wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b540wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b547wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b550wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b550wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "260",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b355w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wz_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wz_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wz_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-908_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-908_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t2.12.h3.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:33:42.556743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T17:11:31.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation"
}
]
},
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability.\r\nUnintended internal files may be retrieved when processing crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:02:00.482Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45842",
"datePublished": "2024-10-25T06:18:23.519Z",
"dateReserved": "2024-10-16T05:26:44.298Z",
"dateUpdated": "2024-12-03T17:11:31.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45829 (GCVE-0-2024-45829)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-10-25 18:34
VLAI?
Summary
Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability.
Crafted HTTP requests may cause affected products crashed.
Severity ?
4.9 (Medium)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Sharp Digital Full-color MFPs and Monochrome MFPs |
Affected:
see the information provided by Sharp Corporation
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45829",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:34:43.043642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:34:50.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation"
}
]
},
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability.\r\nCrafted HTTP requests may cause affected products crashed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:01:54.565Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45829",
"datePublished": "2024-10-25T06:18:17.317Z",
"dateReserved": "2024-10-16T05:26:41.085Z",
"dateUpdated": "2024-10-25T18:34:50.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43424 (GCVE-0-2024-43424)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-10-25 17:16
VLAI?
Summary
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability.
Crafted HTTP requests may cause affected products crashed.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Sharp Digital Full-color MFPs and Monochrome MFPs |
Affected:
see the information provided by Sharp Corporation
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sharp:bp-90c70_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-90c80_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c80_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "210",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c65_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-55c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7081_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8081_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8081_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "160",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "613",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30c25t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25y_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25z_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "130",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-6580n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-7580n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7580n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7090n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8090n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8090n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2630n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6070v_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "802",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-c533wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c533wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c542wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c545wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-c545wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-c303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-c304wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "520",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-70m75_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m90_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m90_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50m26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m50_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m1056_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m1206_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m1206_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m6570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m7570_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m7570_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "456",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30m28_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m28t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35t_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30m35t_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "220",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b356w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b356wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b476wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m905_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m905_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m3550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-b537wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b540wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b547wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b550wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b550wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "260",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b355w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wz_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wz_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wz_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-908_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-908_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t2.12.h3.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1058_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1058_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1208_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43424",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:18:09.827242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T17:16:12.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation"
}
]
},
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability.\r\nCrafted HTTP requests may cause affected products crashed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:01:48.353Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-43424",
"datePublished": "2024-10-25T06:18:10.875Z",
"dateReserved": "2024-10-16T05:26:45.607Z",
"dateUpdated": "2024-10-25T17:16:12.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42420 (GCVE-0-2024-42420)
Vulnerability from cvelistv5 – Published: 2024-10-25 06:18 – Updated: 2024-10-25 18:37
VLAI?
Summary
Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages.
Crafted HTTP requests may cause affected products crashed.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | Sharp Digital Full-color MFPs and Monochrome MFPs |
Affected:
see the information provided by Sharp Corporation.
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sharp:bp-90c70_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-90c80_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c80_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "210",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50c65_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-55c26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-60c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70c65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7081_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8081_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8081_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "160",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3561s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4061s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "613",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30c25t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25y_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25z_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30c25_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "130",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-6580n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-7580n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7580n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-7090n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-8090n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8090n_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-2630n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3550v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6050v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3560v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-3570v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4060v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-4070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-5070v_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-6070v_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6070v_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "802",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-c533wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c533wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c535wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c542wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-c545wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-c545wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-c303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c303wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-c304wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-c304wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "520",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-70m75_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m90_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m90_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-50m26_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m50_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-50m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m36_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m45_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-70m65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70m65_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "320",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m1056_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m1206_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m1206_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m6570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m7570_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m7570_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "456",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m5051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2651_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3551_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3571s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5071s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6051_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6071s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6071s_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-30m28_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m28t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m31t_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-30m35t_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30m35t_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "220",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b356w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b356wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b376wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b456wh_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b476wh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b476wh_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "413",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m905_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m905_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-m3550_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m2630_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m3570_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m4070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m5070_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6050_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_a_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-m6070_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "503",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:bp-b537wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b540wr_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b547wd_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:bp-b550wd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b550wd_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "260",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sharp:mx-b355w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b355wz_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455w_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wt_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:sharp:mx-b455wz_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wz_firmware",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-908_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-908_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t2.12.h3.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1058_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1058_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:toshibatec:e-studio-1208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-1208_firmware",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "t1.01.h4.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:35:04.039058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T18:37:13.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by Sharp Corporation."
}
]
},
{
"product": "e-STUDIO 908",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T2.12.h3.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1058",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
},
{
"product": "e-STUDIO 1208",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "T1.01.h4.00 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages.\r\nCrafted HTTP requests may cause affected products crashed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T09:01:42.113Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95063136/"
},
{
"url": "https://global.sharp/products/copier/info/info_security_2024-10.html"
},
{
"url": "https://www.toshibatec.com/information/20241025_01.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-42420",
"datePublished": "2024-10-25T06:18:00.481Z",
"dateReserved": "2024-10-16T05:26:36.361Z",
"dateUpdated": "2024-10-25T18:37:13.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23789 (GCVE-0-2024-23789)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:35 – Updated: 2024-08-14 19:04
VLAI?
Summary
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.
Severity ?
9.8 (Critical)
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services_\\(jh-rvb1\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services_\\(jh-rvb1\\)",
"vendor": "sharp_corporation",
"versions": [
{
"lessThanOrEqual": "b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services_\\(jh-rv11\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services_\\(jh-rv11\\)",
"vendor": "sharp_corporation",
"versions": [
{
"lessThanOrEqual": "b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:00:07.763303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:04:41.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:35:11.140Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23789",
"datePublished": "2024-02-14T10:35:11.140Z",
"dateReserved": "2024-01-22T09:56:37.456Z",
"dateUpdated": "2024-08-14T19:04:41.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23788 (GCVE-0-2024-23788)
Vulnerability from cvelistv5 – Published: 2024-02-14 10:10 – Updated: 2025-03-19 13:44
VLAI?
Summary
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
Severity ?
9.1 (Critical)
CWE
- Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SHARP CORPORATION | Energy Management Controller with Cloud Services |
Affected:
JH-RVB1 Ver.B0.1.9.1 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:07.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sharp_corporation:energy_management_controller_with_cloud_services:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "energy_management_controller_with_cloud_services",
"vendor": "sharp_corporation",
"versions": [
{
"lessThan": "jh-rvb1_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "jh-rv11_ver.b0.1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T16:01:51.500071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T13:44:59.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RVB1 Ver.B0.1.9.1 and earlier"
}
]
},
{
"product": "Energy Management Controller with Cloud Services",
"vendor": "SHARP CORPORATION",
"versions": [
{
"status": "affected",
"version": "JH-RV11 Ver.B0.1.9.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T10:10:41.448Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf"
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23788",
"datePublished": "2024-02-14T10:10:41.448Z",
"dateReserved": "2024-01-22T09:56:37.455Z",
"dateUpdated": "2025-03-19T13:44:59.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}