Sharp MFPs Vulnerable to Data Contamination via HTTP Requests
CVE-2024-47549

6.1MEDIUM

Key Information:

Vendor: Sharp Corporation
Status: Sharp Digital Full-color Mfps And Monochrome Mfps; E-studio 908; E-studio 1058; E-studio 1208
Vendor: CVE Published:; 25 October 2024

Summary

Sharp and Toshiba Tec Multifunction Printers are affected by a vulnerability that arises from improper handling of query parameters in HTTP requests. This flaw can lead to unintended data being included in HTTP response headers, posing a risk for users accessing crafted URLs. When such URLs are accessed on an affected device, it may allow the execution of malicious scripts in the web browser, creating potential security risks. Users are encouraged to review their printer models and apply necessary security updates to mitigate these risks.

Affected Version(s)

e-STUDIO 1058 T1.01.h4.00 and earlier versions

e-STUDIO 1208 T1.01.h4.00 and earlier versions

e-STUDIO 908 T2.12.h3.00 and earlier versions

References

https://jvn.jp/en/vu/JVNVU95063136/

https://global.sharp/products/copier/info/info_security_2...

https://www.toshibatec.com/information/20241025_01.html

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 16, 2024