Sharp MFPs Experience Out-of-bounds Read Vulnerability
CVE-2024-45829

7.5HIGH

Key Information:

Vendor: Sharp Corporation
Status: Sharp Digital Full-color Mfps And Monochrome Mfps; E-studio 908; E-studio 1058; E-studio 1208
Vendor: CVE Published:; 25 October 2024

Summary

A security vulnerability has been identified in Sharp and Toshiba Tec multifunction printers that enables an Out-of-bounds Read condition. This issue arises from improper processing of query parameters in HTTP requests on the web pages used for data downloading. When manipulated, crafted HTTP requests can exploit this vulnerability, potentially causing the affected devices to crash. Organizations using these MFPs should assess their systems and apply necessary patches to mitigate risks associated with this vulnerability.

Affected Version(s)

e-STUDIO 1058 T1.01.h4.00 and earlier versions

e-STUDIO 1208 T1.01.h4.00 and earlier versions

e-STUDIO 908 T2.12.h3.00 and earlier versions

References

https://jvn.jp/en/vu/JVNVU95063136/

https://global.sharp/products/copier/info/info_security_2...

https://www.toshibatec.com/information/20241025_01.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 16, 2024