Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
13 vulnerabilities found for home 5G HR02 by Sharp Corporation
CVE-2026-32326 (GCVE-0-2026-32326)
Vulnerability from nvd – Published: 2026-03-25 07:38 – Updated: 2026-03-25 13:26
VLAI?
Summary
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.
Severity ?
5.7 (Medium)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR01 |
Affected:
38JP_0_490 and earlier
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:26:41.257984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:26:49.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR01",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "38JP_0_490 and earlier"
}
]
},
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.A1.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52A",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "38JP_2_03J and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.15 and earlierr"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.64.00 and earlier"
}
]
},
{
"product": "5G Mobile Router SH-U01",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S4.48.00 and earlier"
}
]
},
{
"product": "Pocket WiFi 5G A503SH",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S7.41.00 and earlier"
}
]
},
{
"product": "Speed Wi-Fi 5G X01",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "3RJP_2_03I and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T07:38:20.672Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/corporate/info/product-security/advisory-list/2026-002/"
},
{
"url": "https://jvn.jp/en/jp/JVN49524110/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32326",
"datePublished": "2026-03-25T07:38:20.672Z",
"dateReserved": "2026-03-12T06:43:35.484Z",
"dateUpdated": "2026-03-25T13:26:49.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54082 (GCVE-0-2024-54082)
Vulnerability from nvd – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:32:44.201878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:24.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:12.865Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-54082",
"datePublished": "2024-12-23T00:18:12.865Z",
"dateReserved": "2024-12-02T06:03:35.297Z",
"dateUpdated": "2024-12-24T00:39:24.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52321 (GCVE-0-2024-52321)
Vulnerability from nvd – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker.
Severity ?
5.9 (Medium)
CWE
- CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:31:17.038246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:30.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-05L",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.C0 and earlier"
}
]
},
{
"product": "PocketWifi 809SH",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.B9 and earlier"
}
]
},
{
"product": "Speed Wi-Fi NEXT W07",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "02.00.48 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product\u0027s backup files containing sensitive information may be retrieved by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of sensitive system information to an unauthorized control sphere",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:08.358Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-52321",
"datePublished": "2024-12-23T00:18:08.358Z",
"dateReserved": "2024-12-02T06:03:32.297Z",
"dateUpdated": "2024-12-24T00:39:30.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47864 (GCVE-0-2024-47864)
Vulnerability from nvd – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:35:27.338755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:37.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:03.318Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47864",
"datePublished": "2024-12-23T00:18:03.318Z",
"dateReserved": "2024-12-02T06:03:34.435Z",
"dateUpdated": "2024-12-24T00:39:37.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46873 (GCVE-0-2024-46873)
Vulnerability from nvd – Published: 2024-12-23 00:17 – Updated: 2024-12-24 00:39
VLAI?
Summary
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.
Severity ?
9.8 (Critical)
CWE
- CWE-489 - Active debug code
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:35:52.238750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:44.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-05L",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.C0 and earlier"
}
]
},
{
"product": "PocketWifi 809SH",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.B9 and earlier"
}
]
},
{
"product": "Speed Wi-Fi NEXT W07",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "02.00.48 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "Active debug code",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:17:59.216Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-46873",
"datePublished": "2024-12-23T00:17:59.216Z",
"dateReserved": "2024-12-02T06:03:30.029Z",
"dateUpdated": "2024-12-24T00:39:44.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45721 (GCVE-0-2024-45721)
Vulnerability from nvd – Published: 2024-12-23 00:17 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:32:46.849402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:52.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:17:55.581Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45721",
"datePublished": "2024-12-23T00:17:55.581Z",
"dateReserved": "2024-12-02T06:03:33.501Z",
"dateUpdated": "2024-12-24T00:39:52.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-32326 (GCVE-0-2026-32326)
Vulnerability from cvelistv5 – Published: 2026-03-25 07:38 – Updated: 2026-03-25 13:26
VLAI?
Summary
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.
Severity ?
5.7 (Medium)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR01 |
Affected:
38JP_0_490 and earlier
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:26:41.257984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:26:49.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR01",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "38JP_0_490 and earlier"
}
]
},
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.A1.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52A",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "38JP_2_03J and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.15 and earlierr"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.64.00 and earlier"
}
]
},
{
"product": "5G Mobile Router SH-U01",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S4.48.00 and earlier"
}
]
},
{
"product": "Pocket WiFi 5G A503SH",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S7.41.00 and earlier"
}
]
},
{
"product": "Speed Wi-Fi 5G X01",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "3RJP_2_03I and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T07:38:20.672Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/corporate/info/product-security/advisory-list/2026-002/"
},
{
"url": "https://jvn.jp/en/jp/JVN49524110/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32326",
"datePublished": "2026-03-25T07:38:20.672Z",
"dateReserved": "2026-03-12T06:43:35.484Z",
"dateUpdated": "2026-03-25T13:26:49.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54082 (GCVE-0-2024-54082)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:32:44.201878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:24.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:12.865Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-54082",
"datePublished": "2024-12-23T00:18:12.865Z",
"dateReserved": "2024-12-02T06:03:35.297Z",
"dateUpdated": "2024-12-24T00:39:24.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52321 (GCVE-0-2024-52321)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker.
Severity ?
5.9 (Medium)
CWE
- CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:31:17.038246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:30.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-05L",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.C0 and earlier"
}
]
},
{
"product": "PocketWifi 809SH",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.B9 and earlier"
}
]
},
{
"product": "Speed Wi-Fi NEXT W07",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "02.00.48 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product\u0027s backup files containing sensitive information may be retrieved by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of sensitive system information to an unauthorized control sphere",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:08.358Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-52321",
"datePublished": "2024-12-23T00:18:08.358Z",
"dateReserved": "2024-12-02T06:03:32.297Z",
"dateUpdated": "2024-12-24T00:39:30.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47864 (GCVE-0-2024-47864)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:18 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down.
Severity ?
5.3 (Medium)
CWE
- CWE-120 - Buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:35:27.338755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:37.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:18:03.318Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47864",
"datePublished": "2024-12-23T00:18:03.318Z",
"dateReserved": "2024-12-02T06:03:34.435Z",
"dateUpdated": "2024-12-24T00:39:37.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46873 (GCVE-0-2024-46873)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:17 – Updated: 2024-12-24 00:39
VLAI?
Summary
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.
Severity ?
9.8 (Critical)
CWE
- CWE-489 - Active debug code
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:35:52.238750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:44.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-05L",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.C0 and earlier"
}
]
},
{
"product": "PocketWifi 809SH",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "01.00.B9 and earlier"
}
]
},
{
"product": "Speed Wi-Fi NEXT W07",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "02.00.48 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "Active debug code",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:17:59.216Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-46873",
"datePublished": "2024-12-23T00:17:59.216Z",
"dateReserved": "2024-12-02T06:03:30.029Z",
"dateUpdated": "2024-12-24T00:39:44.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45721 (GCVE-0-2024-45721)
Vulnerability from cvelistv5 – Published: 2024-12-23 00:17 – Updated: 2024-12-24 00:39
VLAI?
Summary
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Corporation | home 5G HR02 |
Affected:
S5.82.00 and earlier
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:32:46.849402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:52.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home 5G HR02",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S5.82.00 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-52B",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S3.87.11 and earlier"
}
]
},
{
"product": "Wi-Fi STATION SH-54C",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "S6.60.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T00:17:55.581Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
},
{
"url": "https://jvn.jp/en/jp/JVN61635834/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45721",
"datePublished": "2024-12-23T00:17:55.581Z",
"dateReserved": "2024-12-02T06:03:33.501Z",
"dateUpdated": "2024-12-24T00:39:52.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2024-000128
Vulnerability from jvndb - Published: 2024-12-17 07:54 - Updated:2024-12-17 07:54
Severity ?
Summary
Multiple vulnerabilities in SHARP routers
Details
SHARP routers contain multiple vulnerabilities listed below.
- OS command injection vulnerability in the HOST name configuration screen (CWE-78) - CVE-2024-45721
- The hidden debug function is enabled (CWE-489) - CVE-2024-46873
- Buffer overflow vulnerability in the hidden debug function (CWE-120) - CVE-2024-47864
- Improper authentication vulnerability in the configuration backup function (CWE-497) - CVE-2024-52321
- OS command injection vulnerability in the configuration restore function (CWE-78) - CVE-2024-54082
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000128.html",
"dc:date": "2024-12-17T07:54+09:00",
"dcterms:issued": "2024-12-17T07:54+09:00",
"dcterms:modified": "2024-12-17T07:54+09:00",
"description": "SHARP routers contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eOS command injection vulnerability in the HOST name configuration screen (CWE-78) - CVE-2024-45721\u003c/li\u003e\r\n\u003cli\u003eThe hidden debug function is enabled (CWE-489) - CVE-2024-46873\r\n\u003cli\u003eBuffer overflow vulnerability in the hidden debug function (CWE-120) - CVE-2024-47864\u003c/li\u003e\r\n\u003cli\u003eImproper authentication vulnerability in the configuration backup function (CWE-497) - CVE-2024-52321\u003c/li\u003e\r\n\u003cli\u003eOS command injection vulnerability in the configuration restore function (CWE-78) - CVE-2024-54082\u003c/li\u003e\u003c/ul\u003e\r\n\r\nShuto Imai of LAC Co., Ltd. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000128.html",
"sec:cpe": [
{
"#text": "cpe:/o:sharp:809sh",
"@product": "PocketWifi 809SH",
"@vendor": "Sharp Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:sharp:hr02",
"@product": "home 5G HR02",
"@vendor": "Sharp Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:sharp:sh-05l",
"@product": "Wi-Fi STATION SH-05L",
"@vendor": "Sharp Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:sharp:sh-52b",
"@product": "Wi-Fi STATION SH-52B",
"@vendor": "Sharp Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:sharp:sh54c",
"@product": "Wi-Fi STATION SH-54C",
"@vendor": "Sharp Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:sharp:w07",
"@product": "Speed Wi-Fi NEXT W07",
"@vendor": "Sharp Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000128",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN61635834/index.html",
"@id": "JVN#61635834",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46873",
"@id": "CVE-2024-46873",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-45721",
"@id": "CVE-2024-45721",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-54082",
"@id": "CVE-2024-54082",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-52321",
"@id": "CVE-2024-52321",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47864",
"@id": "CVE-2024-47864",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in SHARP routers"
}