
CVE-2024-43424
https://notcve.org/view.php?id=CVE-2024-43424
25 Oct 2024 — Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products to crash. • https://jvn.jp/en/vu/JVNVU95063136 • CWE-125: Out-of-bounds Read •

CVE-2024-42420
https://notcve.org/view.php?id=CVE-2024-42420
25 Oct 2024 — Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products to crash. • https://jvn.jp/en/vu/JVNVU95063136 • CWE-125: Out-of-bounds Read •

CVE-2024-7011
https://notcve.org/view.php?id=CVE-2024-7011
27 Sep 2024 — Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-M... • https://www.sharp-nec-displays.com/global/support/info/Projector_vulnerability_202408.html • CWE-1242: Inclusion of Undocumented Features or Chicken Bits •

CVE-2024-36251 – Sharp Multi-Function Printer 18 Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-36251
04 Jul 2024 — The web interface of the affected devices processes some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and the device crashes. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. • https://packetstorm.news/files/id/179363 • CWE-125: Out-of-bounds Read •

CVE-2023-38290
https://notcve.org/view.php?id=CVE-2023-38290
22 Apr 2024 — Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc (versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203', versionName='9.0212.03') that allows local third-party apps to execute arbitrary shell commands in its context (system user) due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerabi... • https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf • CWE-1263: Improper Physical Access Control •

CVE-2024-23789
https://notcve.org/view.php?id=CVE-2024-23789
14 Feb 2024 — Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-23788
https://notcve.org/view.php?id=CVE-2024-23788
14 Feb 2024 — Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-23787
https://notcve.org/view.php?id=CVE-2024-23787
14 Feb 2024 — Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-23786
https://notcve.org/view.php?id=CVE-2024-23786
14 Feb 2024 — Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-23785
https://notcve.org/view.php?id=CVE-2024-23785
14 Feb 2024 — Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. • https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •