Vulnerability in Device Could Allow Unauthorized Access
CVE-2024-35244

9.1CRITICAL

Key Information:

Vendor: Sharp Corporation
Status: Multiple Mfps (multifunction Printers)
Vendor: CVE Published:; 26 November 2024

Summary

The vulnerability presents a risk associated with several hidden accounts within Sharp and Toshiba multifunction printers. These accounts are designed for maintenance purposes. If an attacker gains access to the associated passwords—potentially through methods such as analyzing system coredumps—they can exploit these hidden accounts to reconfigure the device. This situation poses a significant security concern as it could enable unauthorized adjustments to critical printer settings, consequently compromising the integrity and security of sensitive information. Users of affected products are advised to review the security guidelines and implement necessary precautions to mitigate potential risks.

Affected Version(s)

Multiple MFPs (multifunction printers) See the information provided by Sharp Corporation listed under [References]

Multiple MFPs (multifunction printers) See the information provided by Toshiba Tec Corporation listed under [References]

References

https://global.sharp/products/copier/info/info_security_2...

https://jp.sharp/business/print/information/info_security...

https://www.toshibatec.com/information/20240531_02.html

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
May 22, 2024