Improper Authentication Vulnerability in SHARP Routers
CVE-2024-52321

5.9MEDIUM

Key Information:

Vendor: Sharp Corporation
Status: Home 5g Hr02; Wi-fi Station Sh-52b; Wi-fi Station Sh-54c; Wi-fi Station Sh-05l
Vendor: CVE Published:; 23 December 2024

Summary

Multiple SHARP routers have been identified with an improper authentication flaw within the configuration backup utility. This vulnerability allows remote unauthenticated attackers to access configuration backup files, which may contain sensitive information critical for network security. The issue arises from inadequate restrictions placed on the access and retrieval of these backup files, posing a significant risk to users' data integrity. It is crucial for organizations using these devices to implement mitigation strategies and follow security best practices to safeguard against potential exploitation.

Affected Version(s)

home 5G HR02 S5.82.00 and earlier

PocketWifi 809SH 01.00.B9 and earlier

Speed Wi-Fi NEXT W07 02.00.48 and earlier

References

https://k-tai.sharp.co.jp/support/info/info083.html

https://jvn.jp/en/jp/JVN61635834/

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2024
Vulnerability Reserved
Dec 2, 2024