ACME Inc.: Billcodedef_sub_sel.html Processing Vulnerability Causes Device Crash
CVE-2024-36251

7.5HIGH

Key Information:

Vendor: Sharp Corporation
Status: Multiple Mfps (multifunction Printers)
Vendor: CVE Published:; 26 November 2024

Summary

The vulnerability arises from the improper handling of crafted HTTP requests in the web interface of specific multifunction printers by Sharp and Toshiba. These devices are susceptible to crashing when a maliciously constructed parameter is sent to the 'billcodedef_sub_sel.html' page. This security flaw can severely disrupt device functionality, impacting organizations relying on these printers for their operational needs. Users are urged to review their devices' specifications and consult vendor documentation for further preventive measures and solutions.

Affected Version(s)

Multiple MFPs (multifunction printers) See the information provided by Sharp Corporation listed under [References]

Multiple MFPs (multifunction printers) See the information provided by Toshiba Tec Corporation listed under [References]

References

https://global.sharp/products/copier/info/info_security_2...

https://jp.sharp/business/print/information/info_security...

https://www.toshibatec.com/information/20240531_02.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
May 22, 2024