Vendor CVEs
Sharp
All CVEs
35 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11545 | Cri | 0.62 | — | 0.00 | Dec 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions. | ||
| CVE-2024-36248 | Cri | 0.59 | 9.1 | 0.01 | Nov 26, 2024 | API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||
| CVE-2023-38290 | Hig | 0.51 | 7.8 | 0.00 | Apr 22, 2024 | Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',… | ||
| CVE-2017-2192 | Hig | 0.51 | 7.8 | 0.02 | Jun 9, 2017 | Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified… | ||
| CVE-2017-2191 | Hig | 0.51 | 7.8 | 0.01 | Jun 9, 2017 | Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-2190 | Hig | 0.51 | 7.8 | 0.02 | Jun 9, 2017 | Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2017-2189 | Hig | 0.51 | 7.8 | 0.01 | Jun 9, 2017 | Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||
| CVE-2024-36249 | Hig | 0.48 | 7.4 | 0.01 | Nov 26, 2024 | Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of… | ||
| CVE-2024-54082 | Hig | 0.47 | 7.2 | 0.01 | Dec 23, 2024 | home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user. | ||
| CVE-2024-45721 | Hig | 0.47 | 7.2 | 0.01 | Dec 23, 2024 | home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user. | ||
| CVE-2024-7011 | Med | 0.42 | 6.5 | 0.00 | Sep 27, 2024 | Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X,… | ||
| CVE-2016-1176 | Med | 0.41 | 6.3 | 0.01 | Apr 5, 2016 | Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. | ||
| CVE-2002-1975 | Med | 0.36 | 5.5 | 0.00 | Dec 31, 2002 | Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods. | ||
| CVE-2024-47864 | Med | 0.34 | 5.3 | 0.01 | Dec 23, 2024 | home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down. | ||
| CVE-2017-10890 | Med | 0.30 | 4.6 | 0.00 | Nov 17, 2017 | Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows… | ||
| CVE-2023-38302 | Med | 0.28 | 4.3 | 0.00 | Apr 22, 2024 | A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any… | ||
| CVE-2016-1175 | Med | 0.28 | 4.3 | 0.01 | Apr 5, 2016 | Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | ||
| CVE-2019-3929 | 0.23 | — | 0.99 | KEV | Apr 30, 2019 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware… | ||
| CVE-2025-11543 | 0.00 | — | 0.00 | Dec 22, 2025 | Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware. | |||
| CVE-2025-11540 | 0.00 | — | 0.00 | Dec 22, 2025 | Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector. | |||
| CVE-2024-45842 | 0.00 | — | 0.01 | Oct 25, 2024 | Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests. | |||
| CVE-2024-45302 | 0.00 | — | 0.00 | Aug 29, 2024 | RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a… | |||
| CVE-2024-23789 | 0.00 | — | 0.01 | Feb 14, 2024 | Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. | |||
| CVE-2024-23788 | 0.00 | — | 0.01 | Feb 14, 2024 | Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. | |||
| CVE-2024-23787 | 0.00 | — | 0.01 | Feb 14, 2024 | Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. | |||
| CVE-2024-23786 | 0.00 | — | 0.01 | Feb 14, 2024 | Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page… | |||
| CVE-2024-23785 | 0.00 | — | 0.00 | Feb 14, 2024 | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | |||
| CVE-2024-23784 | 0.00 | — | 0.00 | Feb 14, 2024 | Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page… | |||
| CVE-2024-23783 | 0.00 | — | 0.01 | Feb 14, 2024 | Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | |||
| CVE-2023-7077 | 0.00 | — | 0.01 | Feb 5, 2024 | Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending… | |||
| CVE-2022-45796 | 0.00 | — | 0.03 | Dec 16, 2022 | Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional… | |||
| CVE-2020-5571 | 0.00 | — | 0.01 | Apr 23, 2020 | SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and… | |||
| CVE-2014-7252 | 0.00 | — | 0.00 | Dec 5, 2014 | Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets… | |||
| CVE-2013-3655 | 0.00 | — | 0.02 | Jul 12, 2013 | The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via crafted packet data. | |||
| CVE-2002-1974 | 0.00 | — | 0.03 | Dec 31, 2002 | The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root. |
- risk 0.62cvss —epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions.
- risk 0.59cvss 9.1epss 0.01
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
- risk 0.51cvss 7.8epss 0.00
Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',…
- risk 0.51cvss 7.8epss 0.02
Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified…
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.02
Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.48cvss 7.4epss 0.01
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of…
- risk 0.47cvss 7.2epss 0.01
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user.
- risk 0.47cvss 7.2epss 0.01
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user.
- risk 0.42cvss 6.5epss 0.00
Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X,…
- risk 0.41cvss 6.3epss 0.01
Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page.
- risk 0.36cvss 5.5epss 0.00
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
- risk 0.34cvss 5.3epss 0.01
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down.
- risk 0.30cvss 4.6epss 0.00
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows…
- risk 0.28cvss 4.3epss 0.00
A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any…
- risk 0.28cvss 4.3epss 0.01
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.
- risk 0.23cvss —epss 0.99
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…
- CVE-2025-11543Dec 22, 2025risk 0.00cvss —epss 0.00
Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.
- CVE-2025-11540Dec 22, 2025risk 0.00cvss —epss 0.00
Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.
- CVE-2024-45842Oct 25, 2024risk 0.00cvss —epss 0.01
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.
- CVE-2024-45302Aug 29, 2024risk 0.00cvss —epss 0.00
RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a…
- CVE-2024-23789Feb 14, 2024risk 0.00cvss —epss 0.01
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.
- CVE-2024-23788Feb 14, 2024risk 0.00cvss —epss 0.01
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.
- CVE-2024-23787Feb 14, 2024risk 0.00cvss —epss 0.01
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.
- CVE-2024-23786Feb 14, 2024risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page…
- CVE-2024-23785Feb 14, 2024risk 0.00cvss —epss 0.00
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.
- CVE-2024-23784Feb 14, 2024risk 0.00cvss —epss 0.00
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page…
- CVE-2024-23783Feb 14, 2024risk 0.00cvss —epss 0.01
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.
- CVE-2023-7077Feb 5, 2024risk 0.00cvss —epss 0.01
Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending…
- CVE-2022-45796Dec 16, 2022risk 0.00cvss —epss 0.03
Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional…
- CVE-2020-5571Apr 23, 2020risk 0.00cvss —epss 0.01
SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and…
- CVE-2014-7252Dec 5, 2014risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets…
- CVE-2013-3655Jul 12, 2013risk 0.00cvss —epss 0.02
The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via crafted packet data.
- CVE-2002-1974Dec 31, 2002risk 0.00cvss —epss 0.03
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.