CVE-2024-33616

Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the...

Sharp MFP和Toshiba MFP 跨站脚本漏洞

Sharp MFP is a series of multifunction printers from Sharp Corporation, Japan.Toshiba MFP is a series of printers from Toshiba Corporation, Japan. A cross-site scripting vulnerability exists in Sharp MFP and Toshiba MFP that originates from arbitrary scripts that can be executed on the...

PT-2024-26931 · Sharp +1 · Sharp Mfps +1

Name of the Vulnerable Software and Affected Versions: Sharp Corporation MFPs affected versions not specified Toshiba Tech Corporation MFPs affected versions not specified Description: A cross-site scripting issue exists in multiple MFPs from Sharp Corporation and Toshiba Tech Corporation. This...

PT-2024-26934 · Sharp +1 · Sharp Mfps +1

Name of the Vulnerable Software and Affected Versions: Sharp Corporation and Toshiba Tec Corporation multiple MFPs multifunction printers affected versions not specified Description: An out-of-bounds read issue exists, which may lead to a denial-of-service DoS condition. Recommendations: At the...

Sharp MFP和Toshiba MFP 安全漏洞

Sharp MFP is a series of multifunction printers from Sharp Corporation, Japan.Toshiba MFP is a series of printers from Toshiba Corporation, Japan. A security vulnerability exists in Sharp MFP and Toshiba MFP that stems from an out-of-bounds read issue that makes them susceptible to...

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview MFPs multifunction printers provided by Sharp and Toshiba Tec Corporation contain multiple vulnerabilites listed below. Out-of-bounds Read CWE-125 CVE-2024-42420 Out-of-bounds read vulnerabilities coming from improper processing of keyword search input and improper processing of SOAP...

CVE-2024-47406

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability...

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVE-2024-47005

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs...

CVE-2024-47005

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs...

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVE-2024-47406

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability...

CVE-2024-48870

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users...

CVE-2024-47801

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

CVE-2024-42420

Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed...

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...

CVE-2024-45829

Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...