Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for Media Player MP-01 by Sharp Display Solutions, Ltd.

    JVNDB-2025-022878

    Vulnerability from jvndb - Published: 2025-12-24 11:10 - Updated:2026-01-15 11:10
    Severity
    Summary
    Media Player MP-01 vulnerable to Missing Authentication for Critical Function
    Details
    NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability.
    • Missing Authentication for Critical Function (CWE-306) - CVE-2025-12049
    Souvik Kandar of MicroSec (microsec.io) discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC coordinated between the reporter and the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022878.html",
      "dc:date": "2026-01-15T11:10+09:00",
      "dcterms:issued": "2025-12-24T11:10+09:00",
      "dcterms:modified": "2026-01-15T11:10+09:00",
      "description": "NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability.\u003cul\u003e\u003cli\u003eMissing Authentication for Critical Function (CWE-306) - CVE-2025-12049\u003c/li\u003e\u003c/ul\u003eSouvik Kandar of MicroSec (microsec.io) discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC coordinated between the reporter and the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022878.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:sharp-display-solutions_mp-01",
        "@product": "Media Player MP-01",
        "@vendor": "Sharp Display Solutions, Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "9.8",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-022878",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU96231218/index.html",
          "@id": "JVNVU#96231218",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-12049",
          "@id": "CVE-2025-12049",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/306.html",
          "@id": "CWE-306",
          "@title": "Missing Authentication for Critical Function(CWE-306)"
        }
      ],
      "title": "Media Player MP-01 vulnerable to Missing Authentication for Critical Function"
    }

    CVE-2025-12049 (GCVE-0-2025-12049)

    Vulnerability from nvd – Published: 2025-12-22 05:05 – Updated: 2025-12-22 17:07 Unsupported When Assigned
    VLAI
    Summary
    Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    NEC
    Impacted products
    Credits
    Souvik Kandar of MicroSec (microsec.io)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T17:07:00.976136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T17:07:30.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Media Player MP-01",
              "vendor": "Sharp Display Solutions, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Souvik Kandar of MicroSec (microsec.io)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T05:05:25.588Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://sharp-displays.jp.sharp/global/support/info/MP01-CVE-2025-12049.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2025-12049",
        "datePublished": "2025-12-22T05:05:25.588Z",
        "dateReserved": "2025-10-22T00:22:02.916Z",
        "dateUpdated": "2025-12-22T17:07:30.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12049 (GCVE-0-2025-12049)

    Vulnerability from cvelistv5 – Published: 2025-12-22 05:05 – Updated: 2025-12-22 17:07 Unsupported When Assigned
    VLAI
    Summary
    Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    NEC
    Impacted products
    Credits
    Souvik Kandar of MicroSec (microsec.io)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-22T17:07:00.976136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-22T17:07:30.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Media Player MP-01",
              "vendor": "Sharp Display Solutions, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Souvik Kandar of MicroSec (microsec.io)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."
                }
              ],
              "value": "Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-22T05:05:25.588Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://sharp-displays.jp.sharp/global/support/info/MP01-CVE-2025-12049.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2025-12049",
        "datePublished": "2025-12-22T05:05:25.588Z",
        "dateReserved": "2025-10-22T00:22:02.916Z",
        "dateUpdated": "2025-12-22T17:07:30.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }