Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for Multiple MFPs (multifunction printers) by Sharp Corporation

    CVE-2024-36254 (GCVE-0-2024-36254)

    Vulnerability from nvd – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:48
    VLAI
    Summary
    Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    sharp bp-90c70 Affected: 0 , ≤ 200 (custom)
        cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-90c80 Affected: 0 , ≤ 200 (custom)
        cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c65 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c55 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c45 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c36 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c31 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-60c45 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-60c36 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-60c31 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c65 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c55 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c45 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c36 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c31 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c26 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-55c26 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-8081 Affected: 0 , ≤ 150 (custom)
        cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-7081 Affected: 0 , ≤ 150 (custom)
        cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-6071 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-5071 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4071 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3571 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3071 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4061 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3561 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3061 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-6051 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-5051 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4051 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3551 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3051 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-2651 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-6071s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-5071s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4071s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3571s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3071s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4061s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3561s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3061s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-30c25 Affected: 0 , ≤ 123 (custom)
        cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-30c25y Affected: 0 , ≤ 123 (custom)
        cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-30c25z Affected: 0 , ≤ 123 (custom)
        cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-30c25t Affected: 0 , ≤ 123 (custom)
        cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-7580n Affected: 0 , ≤ 502 (custom)
        cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-6580n Affected: 0 , ≤ 502 (custom)
        cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-8090n Affected: 0 , ≤ 404 (custom)
        cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-7090n Affected: 0 , ≤ 404 (custom)
        cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-90c70",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "200",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-90c80",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "200",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c65",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c55",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c45",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c36",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c31",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-60c45",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-60c36",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-60c31",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c65",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c55",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c45",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c36",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c31",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c26",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-55c26",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-8081",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "150",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-7081",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "150",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-6071",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-5071",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4071",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3571",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3071",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4061",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3561",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3061",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-6051",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-5051",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4051",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3551",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3051",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-2651",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-6071s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-5071s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4071s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3571s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3071s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4061s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3561s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3061s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-30c25",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "123",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-30c25y",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "123",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-30c25z",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "123",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-30c25t",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "123",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-7580n",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "502",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-6580n",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "502",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-8090n",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "404",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-7090n",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "404",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:24:25.876189Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:48:35.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:30.408Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-36254",
        "datePublished": "2024-11-26T07:38:30.408Z",
        "dateReserved": "2024-05-22T09:00:17.089Z",
        "dateUpdated": "2024-11-26T14:48:35.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-36251 (GCVE-0-2024-36251)

    Vulnerability from nvd – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
    VLAI
    Summary
    The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    sharp mx-m905 Affected: 611
        cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m6070 Affected: 502
        cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m5070 Affected: 502
        cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m4070 Affected: 502
        cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m3570 Affected: 502
        cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m3070 Affected: 502
        cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m6050 Affected: 502
        cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m5050 Affected: 502
        cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m4050 Affected: 502
        cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m3550 Affected: 502
        cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m3050 Affected: 502
        cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m2630 Affected: 502
        cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-b550wd Affected: 250
        cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-b540wr Affected: 250
        cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-b547wd Affected: 250
        cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-b537wr Affected: 250
        cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b455w Affected: 404
        cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b355w Affected: 404
        cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b455wz Affected: 404
        cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b355wz Affected: 404
        cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b455wt Affected: 404
        cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b355wt Affected: 404
        cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m905",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "611"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m6070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m5070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m4070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m3570",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m3070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m6050",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m5050",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m4050",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m3550",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m3050",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m2630",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m6070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-b550wd",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "250"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-b540wr",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "250"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-b547wd",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "250"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-b537wr",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "250"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b455w",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b355w",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b455wz",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b355wz",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b455wt",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b355wt",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36251",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T16:19:13.648769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T16:28:15.625Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:21:07.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:24.464Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-36251",
        "datePublished": "2024-11-26T07:38:24.464Z",
        "dateReserved": "2024-05-22T09:00:10.181Z",
        "dateUpdated": "2025-11-04T17:21:07.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36249 (GCVE-0-2024-36249)

    Vulnerability from nvd – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:09
    VLAI
    Summary
    Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:03:17.536595Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:24.516Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:18.359Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-36249",
        "datePublished": "2024-11-26T07:38:18.359Z",
        "dateReserved": "2024-05-22T09:00:09.251Z",
        "dateUpdated": "2024-11-26T14:09:24.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-36248 (GCVE-0-2024-36248)

    Vulnerability from nvd – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
    VLAI
    Summary
    API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T16:20:15.617804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:13:00.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:21:06.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:12.712Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-36248",
        "datePublished": "2024-11-26T07:38:12.712Z",
        "dateReserved": "2024-05-22T09:00:17.964Z",
        "dateUpdated": "2025-11-04T17:21:06.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-35244 (GCVE-0-2024-35244)

    Vulnerability from nvd – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T15:01:16.162778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:13:00.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:50.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:06.435Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-35244",
        "datePublished": "2024-11-26T07:38:06.435Z",
        "dateReserved": "2024-05-22T09:00:11.122Z",
        "dateUpdated": "2025-11-04T17:20:50.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34162 (GCVE-0-2024-34162)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-767 - Access to critical private variable via public method
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:10:05.375457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T15:43:40.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:30.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-767",
                  "description": "Access to critical private variable via public method",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:57.671Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-34162",
        "datePublished": "2024-11-26T07:37:57.671Z",
        "dateReserved": "2024-05-22T09:00:13.769Z",
        "dateUpdated": "2025-11-04T17:20:30.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33616 (GCVE-0-2024-33616)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Authentication bypass
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:10:06.870573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "CWE-306 Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T15:43:11.975Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:24.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication bypass",
                  "lang": "en-US",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:51.585Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-33616",
        "datePublished": "2024-11-26T07:37:51.585Z",
        "dateReserved": "2024-05-22T09:00:06.770Z",
        "dateUpdated": "2025-11-04T17:20:24.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33610 (GCVE-0-2024-33610)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:10:22.048882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T14:58:18.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:23.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "\"sessionlist.html\" and \"sys_trayentryreboot.html\" are accessible with no authentication. \"sessionlist.html\" provides logged-in users\u0027 session information including session cookies, and \"sys_trayentryreboot.html\" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:44.549Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-33610",
        "datePublished": "2024-11-26T07:37:44.549Z",
        "dateReserved": "2024-05-22T09:00:05.257Z",
        "dateUpdated": "2025-11-04T17:20:23.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33605 (GCVE-0-2024-33605)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:10:08.649799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T15:43:57.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:21.774Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T10:58:21.785Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-33605",
        "datePublished": "2024-11-26T07:37:38.329Z",
        "dateReserved": "2024-05-22T09:00:15.651Z",
        "dateUpdated": "2025-11-04T17:20:21.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-32151 (GCVE-0-2024-32151)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-257 - Storing passwords in a recoverable format
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32151",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:03:23.265630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:24.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:16.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "Storing passwords in a recoverable format",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T10:57:58.852Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-32151",
        "datePublished": "2024-11-26T07:37:32.412Z",
        "dateReserved": "2024-05-22T09:00:11.984Z",
        "dateUpdated": "2025-11-04T17:20:16.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-29978 (GCVE-0-2024-29978)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
    VLAI
    Summary
    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext storage of a password
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T17:36:38.117189Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T17:36:49.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:19:54.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "Plaintext storage of a password",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:27.029Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-29978",
        "datePublished": "2024-11-26T07:37:27.029Z",
        "dateReserved": "2024-05-22T09:00:12.924Z",
        "dateUpdated": "2025-11-04T17:19:54.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-29146 (GCVE-0-2024-29146)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
    VLAI
    Summary
    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext storage of sensitive information
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29146",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:03:29.416641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:24.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:19:53.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext storage of sensitive information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:20.253Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-29146",
        "datePublished": "2024-11-26T07:37:20.253Z",
        "dateReserved": "2024-05-22T09:00:07.612Z",
        "dateUpdated": "2025-11-04T17:19:53.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28955 (GCVE-0-2024-28955)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
    VLAI
    Summary
    Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect permission assignment for critical resource
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:03:35.804923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:24.903Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:19:40.571Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Incorrect permission assignment for critical resource",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:14.737Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-28955",
        "datePublished": "2024-11-26T07:37:14.737Z",
        "dateReserved": "2024-05-22T09:00:18.956Z",
        "dateUpdated": "2025-11-04T17:19:40.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28038 (GCVE-0-2024-28038)

    Vulnerability from nvd – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
    VLAI
    Summary
    The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28038",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:09:23.255878Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T14:57:54.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:19:37.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based buffer overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:06.324Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-28038",
        "datePublished": "2024-11-26T07:37:06.324Z",
        "dateReserved": "2024-05-22T09:00:14.691Z",
        "dateUpdated": "2025-11-04T17:19:37.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36254 (GCVE-0-2024-36254)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:48
    VLAI
    Summary
    Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    sharp bp-90c70 Affected: 0 , ≤ 200 (custom)
        cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-90c80 Affected: 0 , ≤ 200 (custom)
        cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c65 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c55 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c45 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c36 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-70c31 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-60c45 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-60c36 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-60c31 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c65 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c55 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c45 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c36 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c31 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-50c26 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-55c26 Affected: 0 , ≤ 310 (custom)
        cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-8081 Affected: 0 , ≤ 150 (custom)
        cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-7081 Affected: 0 , ≤ 150 (custom)
        cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-6071 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-5071 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4071 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3571 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3071 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4061 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3561 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3061 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-6051 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-5051 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4051 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3551 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3051 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-2651 Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-6071s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-5071s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4071s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3571s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3071s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-4061s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3561s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-3061s Affected: 0 , ≤ 612 (custom)
        cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-30c25 Affected: 0 , ≤ 123 (custom)
        cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-30c25y Affected: 0 , ≤ 123 (custom)
        cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-30c25z Affected: 0 , ≤ 123 (custom)
        cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-30c25t Affected: 0 , ≤ 123 (custom)
        cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-7580n Affected: 0 , ≤ 502 (custom)
        cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-6580n Affected: 0 , ≤ 502 (custom)
        cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-8090n Affected: 0 , ≤ 404 (custom)
        cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-7090n Affected: 0 , ≤ 404 (custom)
        cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-90c70",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "200",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-90c80",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "200",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c65",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c55",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c45",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c36",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-70c31",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-60c45",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-60c36",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-60c31",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c65",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c55",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c45",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c36",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c31",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-50c26",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-55c26",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "310",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-8081",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "150",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-7081",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "150",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-6071",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-5071",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4071",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3571",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3071",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4061",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3561",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3061",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-6051",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-5051",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4051",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3551",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3051",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-2651",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-6071s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-5071s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4071s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3571s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3071s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-4061s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3561s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-3061s",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "612",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-30c25",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "123",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-30c25y",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "123",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-30c25z",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "123",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-30c25t",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "123",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-7580n",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "502",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-6580n",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "502",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-8090n",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "404",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-7090n",
                "vendor": "sharp",
                "versions": [
                  {
                    "lessThanOrEqual": "404",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:24:25.876189Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:48:35.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:30.408Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-36254",
        "datePublished": "2024-11-26T07:38:30.408Z",
        "dateReserved": "2024-05-22T09:00:17.089Z",
        "dateUpdated": "2024-11-26T14:48:35.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-36251 (GCVE-0-2024-36251)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
    VLAI
    Summary
    The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    sharp mx-m905 Affected: 611
        cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m6070 Affected: 502
        cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m5070 Affected: 502
        cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m4070 Affected: 502
        cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m3570 Affected: 502
        cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m3070 Affected: 502
        cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m6050 Affected: 502
        cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m5050 Affected: 502
        cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m4050 Affected: 502
        cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m3550 Affected: 502
        cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m3050 Affected: 502
        cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-m2630 Affected: 502
        cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-b550wd Affected: 250
        cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-b540wr Affected: 250
        cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-b547wd Affected: 250
        cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp bp-b537wr Affected: 250
        cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b455w Affected: 404
        cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b355w Affected: 404
        cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b455wz Affected: 404
        cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b355wz Affected: 404
        cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b455wt Affected: 404
        cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*
    Create a notification for this product.
    sharp mx-b355wt Affected: 404
        cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m905",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "611"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m6070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m5070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m4070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m3570",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m3070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m6050",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m5050",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m4050",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m3550",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m3050",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m2630",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-m6070",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "502"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-b550wd",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "250"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-b540wr",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "250"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-b547wd",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "250"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bp-b537wr",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "250"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b455w",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b355w",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b455wz",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b355wz",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b455wt",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mx-b355wt",
                "vendor": "sharp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "404"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36251",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T16:19:13.648769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T16:28:15.625Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:21:07.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:24.464Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-36251",
        "datePublished": "2024-11-26T07:38:24.464Z",
        "dateReserved": "2024-05-22T09:00:10.181Z",
        "dateUpdated": "2025-11-04T17:21:07.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36249 (GCVE-0-2024-36249)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:09
    VLAI
    Summary
    Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:03:17.536595Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:24.516Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:18.359Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-36249",
        "datePublished": "2024-11-26T07:38:18.359Z",
        "dateReserved": "2024-05-22T09:00:09.251Z",
        "dateUpdated": "2024-11-26T14:09:24.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-36248 (GCVE-0-2024-36248)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
    VLAI
    Summary
    API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T16:20:15.617804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:13:00.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:21:06.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:12.712Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-36248",
        "datePublished": "2024-11-26T07:38:12.712Z",
        "dateReserved": "2024-05-22T09:00:17.964Z",
        "dateUpdated": "2025-11-04T17:21:06.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-35244 (GCVE-0-2024-35244)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T15:01:16.162778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T21:13:00.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:50.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:38:06.435Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-35244",
        "datePublished": "2024-11-26T07:38:06.435Z",
        "dateReserved": "2024-05-22T09:00:11.122Z",
        "dateUpdated": "2025-11-04T17:20:50.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34162 (GCVE-0-2024-34162)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-767 - Access to critical private variable via public method
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:10:05.375457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T15:43:40.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:30.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-767",
                  "description": "Access to critical private variable via public method",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:57.671Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-34162",
        "datePublished": "2024-11-26T07:37:57.671Z",
        "dateReserved": "2024-05-22T09:00:13.769Z",
        "dateUpdated": "2025-11-04T17:20:30.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33616 (GCVE-0-2024-33616)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Authentication bypass
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:10:06.870573Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "CWE-306 Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T15:43:11.975Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:24.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication bypass",
                  "lang": "en-US",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:51.585Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-33616",
        "datePublished": "2024-11-26T07:37:51.585Z",
        "dateReserved": "2024-05-22T09:00:06.770Z",
        "dateUpdated": "2025-11-04T17:20:24.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33610 (GCVE-0-2024-33610)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:10:22.048882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T14:58:18.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:23.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "\"sessionlist.html\" and \"sys_trayentryreboot.html\" are accessible with no authentication. \"sessionlist.html\" provides logged-in users\u0027 session information including session cookies, and \"sys_trayentryreboot.html\" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:44.549Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-33610",
        "datePublished": "2024-11-26T07:37:44.549Z",
        "dateReserved": "2024-05-22T09:00:05.257Z",
        "dateUpdated": "2025-11-04T17:20:23.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33605 (GCVE-0-2024-33605)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:10:08.649799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T15:43:57.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:21.774Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T10:58:21.785Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-33605",
        "datePublished": "2024-11-26T07:37:38.329Z",
        "dateReserved": "2024-05-22T09:00:15.651Z",
        "dateUpdated": "2025-11-04T17:20:21.774Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-32151 (GCVE-0-2024-32151)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:20
    VLAI
    Summary
    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-257 - Storing passwords in a recoverable format
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32151",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:03:23.265630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:24.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:16.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "Storing passwords in a recoverable format",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T10:57:58.852Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-32151",
        "datePublished": "2024-11-26T07:37:32.412Z",
        "dateReserved": "2024-05-22T09:00:11.984Z",
        "dateUpdated": "2025-11-04T17:20:16.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-29978 (GCVE-0-2024-29978)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
    VLAI
    Summary
    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext storage of a password
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T17:36:38.117189Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T17:36:49.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:19:54.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "Plaintext storage of a password",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:27.029Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-29978",
        "datePublished": "2024-11-26T07:37:27.029Z",
        "dateReserved": "2024-05-22T09:00:12.924Z",
        "dateUpdated": "2025-11-04T17:19:54.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-29146 (GCVE-0-2024-29146)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
    VLAI
    Summary
    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext storage of sensitive information
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29146",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:03:29.416641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:24.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:19:53.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext storage of sensitive information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:20.253Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-29146",
        "datePublished": "2024-11-26T07:37:20.253Z",
        "dateReserved": "2024-05-22T09:00:07.612Z",
        "dateUpdated": "2025-11-04T17:19:53.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28955 (GCVE-0-2024-28955)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
    VLAI
    Summary
    Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect permission assignment for critical resource
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28955",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T14:03:35.804923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:09:24.903Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:19:40.571Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "Incorrect permission assignment for critical resource",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:14.737Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-28955",
        "datePublished": "2024-11-26T07:37:14.737Z",
        "dateReserved": "2024-05-22T09:00:18.956Z",
        "dateUpdated": "2025-11-04T17:19:40.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28038 (GCVE-0-2024-28038)

    Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
    VLAI
    Summary
    The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    Sharp Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Sharp Corporation listed under [References]
    Create a notification for this product.
    Toshiba Tec Corporation Multiple MFPs (multifunction printers) Affected: See the information provided by Toshiba Tec Corporation listed under [References]
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28038",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-09T22:09:23.255878Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-10T14:57:54.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:19:37.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Jul/0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Sharp Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Sharp Corporation listed under [References]"
                }
              ]
            },
            {
              "product": "Multiple MFPs (multifunction printers)",
              "vendor": "Toshiba Tec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based buffer overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T07:37:06.324Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
            },
            {
              "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
            },
            {
              "url": "https://www.toshibatec.com/information/20240531_02.html"
            },
            {
              "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93051062/"
            },
            {
              "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-28038",
        "datePublished": "2024-11-26T07:37:06.324Z",
        "dateReserved": "2024-05-22T09:00:14.691Z",
        "dateUpdated": "2025-11-04T17:19:37.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }