VYPR

MFP

by Sharp

CVEs (11)

  • CVE-2024-33610CriNov 26, 2024
    risk 0.63cvss 9.1epss 0.45

    "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product…

  • CVE-2024-36248CriNov 26, 2024
    risk 0.59cvss 9.1epss 0.01

    API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

  • CVE-2024-35244CriNov 26, 2024
    risk 0.59cvss 9.1epss 0.01

    There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model…

  • CVE-2024-28038CriNov 26, 2024
    risk 0.59cvss 9.0epss 0.03

    The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model…

  • CVE-2024-36251HigNov 26, 2024
    risk 0.49cvss 7.5epss 0.04

    The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names,…

  • CVE-2024-32151MedNov 26, 2024
    risk 0.38cvss 5.9epss 0.01

    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors…

  • CVE-2024-29978MedNov 26, 2024
    risk 0.38cvss 5.9epss 0.01

    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors…

  • CVE-2024-29146MedNov 26, 2024
    risk 0.38cvss 5.9epss 0.01

    User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors…

  • CVE-2024-28955MedNov 26, 2024
    risk 0.38cvss 5.9epss 0.01

    Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to…

  • CVE-2024-34162MedNov 26, 2024
    risk 0.35cvss 5.3epss 0.01

    The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text…

  • CVE-2024-33616MedNov 26, 2024
    risk 0.35cvss 5.3epss 0.01

    Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the…