Path Traversal Vulnerability in installed_emanual_list.html
CVE-2024-33605

7.5HIGH

Key Information:

Vendor: Sharp Corporation
Status: Multiple Mfps (multifunction Printers)
Vendor: CVE Published:; 26 November 2024

Summary

A path traversal vulnerability has been identified in Sharp and Toshiba multifunction printers due to improper processing of parameters in the installed_emanual_list.html file. This flaw could allow an attacker to access unauthorized files on the server, potentially leading to sensitive information exposure. It is crucial for users of the affected printer models to apply recommended security measures provided by the vendors to mitigate the risks associated with this vulnerability.

Affected Version(s)

Multiple MFPs (multifunction printers) See the information provided by Sharp Corporation listed under [References]

Multiple MFPs (multifunction printers) See the information provided by Toshiba Tec Corporation listed under [References]

References

https://global.sharp/products/copier/info/info_security_2...

https://jp.sharp/business/print/information/info_security...

https://www.toshibatec.com/information/20240531_02.html

EPSS Score

45% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
May 22, 2024