Multiple Mfps (Multifunction Printers)

Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.

Published: 2024-11-26T07:38:30.408Z
Updated: 2024-11-26T14:48:35.480Z

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:38:24.464Z
Updated: 2025-11-04T17:21:07.405Z

Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:38:18.359Z
Updated: 2024-11-26T14:09:24.516Z

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:38:12.712Z
Updated: 2025-11-04T17:21:06.049Z

There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:38:06.435Z
Updated: 2025-11-04T17:20:50.877Z

The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:57.671Z
Updated: 2025-11-04T17:20:30.355Z

Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:51.585Z
Updated: 2025-11-04T17:20:24.532Z

"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:44.549Z
Updated: 2025-11-04T17:20:23.150Z

Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:38.329Z
Updated: 2025-11-04T17:20:21.774Z

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:32.412Z
Updated: 2025-11-04T17:20:16.273Z

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:27.029Z
Updated: 2025-11-04T17:19:54.483Z

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:20.253Z
Updated: 2025-11-04T17:19:53.061Z

Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:14.737Z
Updated: 2025-11-04T17:19:40.571Z

The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Published: 2024-11-26T07:37:06.324Z
Updated: 2025-11-04T17:19:37.778Z