MFPs
by Toshibatec
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47406 | Cri | 0.59 | 9.1 | 0.01 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. | ||
| CVE-2024-47005 | Hig | 0.53 | 8.1 | 0.00 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. | ||
| CVE-2024-43424 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. | ||
| CVE-2024-42420 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed. | ||
| CVE-2024-47801 | Hig | 0.48 | 7.4 | 0.00 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. | ||
| CVE-2024-47549 | Hig | 0.48 | 7.4 | 0.00 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. | ||
| CVE-2024-48870 | Med | 0.40 | 6.2 | 0.00 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users. | ||
| CVE-2024-45842 | Med | 0.34 | 5.3 | 0.01 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests. | ||
| CVE-2024-45829 | Med | 0.32 | 4.9 | 0.01 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. |
- risk 0.59cvss 9.1epss 0.01
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.
- risk 0.53cvss 8.1epss 0.00
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs.
- risk 0.49cvss 7.5epss 0.01
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.
- risk 0.49cvss 7.5epss 0.01
Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed.
- risk 0.48cvss 7.4epss 0.00
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
- risk 0.48cvss 7.4epss 0.00
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
- risk 0.40cvss 6.2epss 0.00
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.
- risk 0.34cvss 5.3epss 0.01
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.
- risk 0.32cvss 4.9epss 0.01
Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.