VYPR

Vendor CVEs

Sharp

All CVEs

35 total · sorted by risk
  • CVE-2025-11545CriDec 22, 2025
    risk 0.62cvss epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions.

  • CVE-2024-36248CriNov 26, 2024
    risk 0.59cvss 9.1epss 0.01

    API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

  • CVE-2023-38290HigApr 22, 2024
    risk 0.51cvss 7.8epss 0.00

    Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',…

  • CVE-2017-2192HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified…

  • CVE-2017-2191HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2190HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2189HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2024-36249HigNov 26, 2024
    risk 0.48cvss 7.4epss 0.01

    Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of…

  • CVE-2024-54082HigDec 23, 2024
    risk 0.47cvss 7.2epss 0.01

    home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user.

  • CVE-2024-45721HigDec 23, 2024
    risk 0.47cvss 7.2epss 0.01

    home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user.

  • CVE-2024-7011MedSep 27, 2024
    risk 0.42cvss 6.5epss 0.00

    Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X,…

  • CVE-2016-1176MedApr 5, 2016
    risk 0.41cvss 6.3epss 0.01

    Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page.

  • CVE-2002-1975MedDec 31, 2002
    risk 0.36cvss 5.5epss 0.00

    Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.

  • CVE-2024-47864MedDec 23, 2024
    risk 0.34cvss 5.3epss 0.01

    home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down.

  • CVE-2017-10890MedNov 17, 2017
    risk 0.30cvss 4.6epss 0.00

    Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows…

  • CVE-2023-38302MedApr 22, 2024
    risk 0.28cvss 4.3epss 0.00

    A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any…

  • CVE-2016-1175MedApr 5, 2016
    risk 0.28cvss 4.3epss 0.01

    Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2019-3929KEVApr 30, 2019
    risk 0.23cvss epss 0.99

    The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…

  • CVE-2025-11543Dec 22, 2025
    risk 0.00cvss epss 0.00

    Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.

  • CVE-2025-11540Dec 22, 2025
    risk 0.00cvss epss 0.00

    Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.

  • CVE-2024-45842Oct 25, 2024
    risk 0.00cvss epss 0.01

    Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.

  • CVE-2024-45302Aug 29, 2024
    risk 0.00cvss epss 0.00

    RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a…

  • CVE-2024-23789Feb 14, 2024
    risk 0.00cvss epss 0.01

    Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.

  • CVE-2024-23788Feb 14, 2024
    risk 0.00cvss epss 0.01

    Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.

  • CVE-2024-23787Feb 14, 2024
    risk 0.00cvss epss 0.01

    Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.

  • CVE-2024-23786Feb 14, 2024
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page…

  • CVE-2024-23785Feb 14, 2024
    risk 0.00cvss epss 0.00

    Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.

  • CVE-2024-23784Feb 14, 2024
    risk 0.00cvss epss 0.00

    Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page…

  • CVE-2024-23783Feb 14, 2024
    risk 0.00cvss epss 0.01

    Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.

  • CVE-2023-7077Feb 5, 2024
    risk 0.00cvss epss 0.01

    Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending…

  • CVE-2022-45796Dec 16, 2022
    risk 0.00cvss epss 0.03

    Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional…

  • CVE-2020-5571Apr 23, 2020
    risk 0.00cvss epss 0.01

    SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and…

  • CVE-2014-7252Dec 5, 2014
    risk 0.00cvss epss 0.00

    Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets…

  • CVE-2013-3655Jul 12, 2013
    risk 0.00cvss epss 0.02

    The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via crafted packet data.

  • CVE-2002-1974Dec 31, 2002
    risk 0.00cvss epss 0.03

    The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.