Action not permitted
Modal body text goes here.
Modal Title
Modal Body
JVNDB-2024-003253
Vulnerability from jvndb - Published: 2024-06-03 14:36 - Updated:2024-06-03 14:36
Severity
Summary
Multiple vulnerabilities in Sharp and Toshiba Tec MFPs
Details
Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below.
* Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038
* Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955
* Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146
* Plaintext Storage of a Password (CWE-256) - CVE-2024-29978
* Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151
* Path Traversal (CWE-22) - CVE-2024-33605
* Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616
* Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162
* Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248
* Cross-site Scripting (CWE-79) - CVE-2024-36249
* Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254
As for the vulnerabilities listed below, Pierre Barre reported them to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation.
CVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254
As for the vulnerabilities listed below, Sharp Corporation received reports and coordinated with the reporters directly, and after the coordination was completed, Sharp reported them to JPCERT/CC to notify the users of the solutions through JVN.
CVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003253.html",
"dc:date": "2024-06-03T14:36+09:00",
"dcterms:issued": "2024-06-03T14:36+09:00",
"dcterms:modified": "2024-06-03T14:36+09:00",
"description": "Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below.\r\n\r\n * Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038\r\n * Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955\r\n * Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146\r\n * Plaintext Storage of a Password (CWE-256) - CVE-2024-29978\r\n * Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151\r\n * Path Traversal (CWE-22) - CVE-2024-33605\r\n * Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616\r\n * Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162\r\n * Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248\r\n * Cross-site Scripting (CWE-79) - CVE-2024-36249\r\n * Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254\r\n\r\nAs for the vulnerabilities listed below, Pierre Barre reported them to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation.\r\nCVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254\r\n\r\nAs for the vulnerabilities listed below, Sharp Corporation received reports and coordinated with the reporters directly, and after the coordination was completed, Sharp reported them to JPCERT/CC to notify the users of the solutions through JVN.\r\nCVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003253.html",
"sec:cpe": [
{
"#text": "cpe:/a:sharp:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "Sharp Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:toshibatec:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "TOSHIBA TEC",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.1",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-003253",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93051062/index.html",
"@id": "JVNVU#93051062",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28038",
"@id": "CVE-2024-28038",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28955",
"@id": "CVE-2024-28955",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-29146",
"@id": "CVE-2024-29146",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-29978",
"@id": "CVE-2024-29978",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-32151",
"@id": "CVE-2024-32151",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-33605",
"@id": "CVE-2024-33605",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-33610",
"@id": "CVE-2024-33610",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-33616",
"@id": "CVE-2024-33616",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-34162",
"@id": "CVE-2024-34162",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-35244",
"@id": "CVE-2024-35244",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36248",
"@id": "CVE-2024-36248",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36249",
"@id": "CVE-2024-36249",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36251",
"@id": "CVE-2024-36251",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36254",
"@id": "CVE-2024-36254",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/121.html",
"@id": "CWE-121",
"@title": "Stack-based Buffer Overflow(CWE-121)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/256.html",
"@id": "CWE-256",
"@title": "Unprotected Storage of Credentials(CWE-256)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/257.html",
"@id": "CWE-257",
"@title": "Storing Passwords in a Recoverable Format(CWE-257)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/312.html",
"@id": "CWE-312",
"@title": "Cleartext Storage of Sensitive Information(CWE-312)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/732.html",
"@id": "CWE-732",
"@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/767.html",
"@id": "CWE-767",
"@title": "Access to Critical Private Variable via Public Method(CWE-767)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/798.html",
"@id": "CWE-798",
"@title": "Use of Hard-coded Credentials(CWE-798)"
}
],
"title": "Multiple vulnerabilities in Sharp and Toshiba Tec MFPs"
}
CVE-2024-36248 (GCVE-0-2024-36248)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
VLAI
EPSS
Summary
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of hard-coded credentials
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://global.sharp/products/copier/info/info_se… | |
| https://jp.sharp/business/print/information/info_… | |
| https://www.toshibatec.com/information/20240531_02.html | |
| https://www.toshibatec.co.jp/information/20240531… | |
| https://jvn.jp/en/vu/JVNVU93051062/ | |
| https://pierrekim.github.io/blog/2024-06-27-sharp… | |
| http://seclists.org/fulldisclosure/2024/Jul/0 |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|
| Toshiba Tec Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Toshiba Tec Corporation listed under [References]
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T16:20:15.617804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:13:00.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:06.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:12.712Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36248",
"datePublished": "2024-11-26T07:38:12.712Z",
"dateReserved": "2024-05-22T09:00:17.964Z",
"dateUpdated": "2025-11-04T17:21:06.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36249 (GCVE-0-2024-36249)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:09
VLAI
EPSS
Summary
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|
| Toshiba Tec Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Toshiba Tec Corporation listed under [References]
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:03:17.536595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:24.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:18.359Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36249",
"datePublished": "2024-11-26T07:38:18.359Z",
"dateReserved": "2024-05-22T09:00:09.251Z",
"dateUpdated": "2024-11-26T14:09:24.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36251 (GCVE-0-2024-36251)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2025-11-04 17:21
VLAI
EPSS
Summary
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://global.sharp/products/copier/info/info_se… | |
| https://jp.sharp/business/print/information/info_… | |
| https://www.toshibatec.com/information/20240531_02.html | |
| https://www.toshibatec.co.jp/information/20240531… | |
| https://jvn.jp/en/vu/JVNVU93051062/ | |
| https://pierrekim.github.io/blog/2024-06-27-sharp… | |
| http://seclists.org/fulldisclosure/2024/Jul/0 |
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|
| Toshiba Tec Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Toshiba Tec Corporation listed under [References]
|
|
| sharp | mx-m905 |
Affected:
611
cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:* |
|
| sharp | mx-m6070 |
Affected:
502
cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:* |
|
| sharp | mx-m5070 |
Affected:
502
cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:* |
|
| sharp | mx-m4070 |
Affected:
502
cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:* |
|
| sharp | mx-m3570 |
Affected:
502
cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:* |
|
| sharp | mx-m3070 |
Affected:
502
cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:* |
|
| sharp | mx-m6050 |
Affected:
502
cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:* |
|
| sharp | mx-m5050 |
Affected:
502
cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:* |
|
| sharp | mx-m4050 |
Affected:
502
cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:* |
|
| sharp | mx-m3550 |
Affected:
502
cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:* |
|
| sharp | mx-m3050 |
Affected:
502
cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:* |
|
| sharp | mx-m2630 |
Affected:
502
cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:* |
|
| sharp | bp-b550wd |
Affected:
250
cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:* |
|
| sharp | bp-b540wr |
Affected:
250
cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:* |
|
| sharp | bp-b547wd |
Affected:
250
cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:* |
|
| sharp | bp-b537wr |
Affected:
250
cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:* |
|
| sharp | mx-b455w |
Affected:
404
cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:* |
|
| sharp | mx-b355w |
Affected:
404
cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:* |
|
| sharp | mx-b455wz |
Affected:
404
cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:* |
|
| sharp | mx-b355wz |
Affected:
404
cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:* |
|
| sharp | mx-b455wt |
Affected:
404
cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:* |
|
| sharp | mx-b355wt |
Affected:
404
cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m905",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "611"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m5070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m4070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3570",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m5050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m4050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3550",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m3050",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m2630",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-m6070",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "502"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b550wd",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b540wr",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b547wd",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-b537wr",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "250"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455w",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355w",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wz",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355wz",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b455wt",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-b355wt",
"vendor": "sharp",
"versions": [
{
"status": "affected",
"version": "404"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36251",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:19:13.648769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:28:15.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:07.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:24.464Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36251",
"datePublished": "2024-11-26T07:38:24.464Z",
"dateReserved": "2024-05-22T09:00:10.181Z",
"dateUpdated": "2025-11-04T17:21:07.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36254 (GCVE-0-2024-36254)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:48
VLAI
EPSS
Summary
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds read
Assigner
References
Impacted products
51 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Sharp Corporation listed under [References]
|
|
| Toshiba Tec Corporation | Multiple MFPs (multifunction printers) |
Affected:
See the information provided by Toshiba Tec Corporation listed under [References]
|
|
| sharp | bp-90c70 |
Affected:
0 , ≤ 200
(custom)
cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:* |
|
| sharp | bp-90c80 |
Affected:
0 , ≤ 200
(custom)
cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c65 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c55 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c45 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c36 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:* |
|
| sharp | bp-70c31 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:* |
|
| sharp | bp-60c45 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:* |
|
| sharp | bp-60c36 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:* |
|
| sharp | bp-60c31 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c65 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c55 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c45 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c36 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c31 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:* |
|
| sharp | bp-50c26 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:* |
|
| sharp | bp-55c26 |
Affected:
0 , ≤ 310
(custom)
cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:* |
|
| sharp | mx-8081 |
Affected:
0 , ≤ 150
(custom)
cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:* |
|
| sharp | mx-7081 |
Affected:
0 , ≤ 150
(custom)
cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:* |
|
| sharp | mx-6071 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:* |
|
| sharp | mx-5071 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:* |
|
| sharp | mx-4071 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:* |
|
| sharp | mx-3571 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:* |
|
| sharp | mx-3071 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:* |
|
| sharp | mx-4061 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:* |
|
| sharp | mx-3561 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:* |
|
| sharp | mx-3061 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:* |
|
| sharp | mx-6051 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:* |
|
| sharp | mx-5051 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:* |
|
| sharp | mx-4051 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:* |
|
| sharp | mx-3551 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:* |
|
| sharp | mx-3051 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:* |
|
| sharp | mx-2651 |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:* |
|
| sharp | mx-6071s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:* |
|
| sharp | mx-5071s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:* |
|
| sharp | mx-4071s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:* |
|
| sharp | mx-3571s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:* |
|
| sharp | mx-3071s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:* |
|
| sharp | mx-4061s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:* |
|
| sharp | mx-3561s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:* |
|
| sharp | mx-3061s |
Affected:
0 , ≤ 612
(custom)
cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:* |
|
| sharp | bp-30c25 |
Affected:
0 , ≤ 123
(custom)
cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:* |
|
| sharp | bp-30c25y |
Affected:
0 , ≤ 123
(custom)
cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:* |
|
| sharp | bp-30c25z |
Affected:
0 , ≤ 123
(custom)
cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:* |
|
| sharp | bp-30c25t |
Affected:
0 , ≤ 123
(custom)
cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:* |
|
| sharp | mx-7580n |
Affected:
0 , ≤ 502
(custom)
cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:* |
|
| sharp | mx-6580n |
Affected:
0 , ≤ 502
(custom)
cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:* |
|
| sharp | mx-8090n |
Affected:
0 , ≤ 404
(custom)
cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:* |
|
| sharp | mx-7090n |
Affected:
0 , ≤ 404
(custom)
cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c70",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-90c80",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "200",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c65",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c55",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-70c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-60c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c65",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c55",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c45",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c36",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c31",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-50c26",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-55c26",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "310",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8081",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "150",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7081",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "150",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3571",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3071",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4061",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3561",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3061",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3551",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3051",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-2651",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-5071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3571s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3071s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-4061s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3561s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-3061s",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "612",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25y",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25z",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bp-30c25t",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7580n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "502",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-6580n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "502",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-8090n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mx-7090n",
"vendor": "sharp",
"versions": [
{
"lessThanOrEqual": "404",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:24:25.876189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:48:35.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:38:30.408Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36254",
"datePublished": "2024-11-26T07:38:30.408Z",
"dateReserved": "2024-05-22T09:00:17.089Z",
"dateUpdated": "2024-11-26T14:48:35.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…