Stack Buffer Overflow Vulnerability Affects Multiple Devices
CVE-2024-28038

9CRITICAL

Key Information:

Vendor: Sharp Corporation
Status: Multiple Mfps (multifunction Printers)
Vendor: CVE Published:; 26 November 2024

Summary

A vulnerability exists in the web interface of certain Multi-Function Printers (MFP) from Sharp and Toshiba. The flaw arises from improper processing of the cookie value associated with the MFPSESSIONID parameter, which allows for a stack buffer overflow if an excessively long character string is submitted. This could potentially enable unauthorized access or manipulation of system resources. Users of affected devices should review their configurations and apply recommended security patches from the manufacturers to mitigate associated risks.

Affected Version(s)

Multiple MFPs (multifunction printers) See the information provided by Sharp Corporation listed under [References]

Multiple MFPs (multifunction printers) See the information provided by Toshiba Tec Corporation listed under [References]

References

https://global.sharp/products/copier/info/info_security_2...

https://jp.sharp/business/print/information/info_security...

https://www.toshibatec.com/information/20240531_02.html

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
May 22, 2024