CVE-2024-33610

Summary

"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Affected Software

VendorProductVersion RangeStatus
Sharp CorporationMultiple MFPs (multifunction printers)See the information provided by Sharp Corporation listed under [References]affected
Toshiba Tec CorporationMultiple MFPs (multifunction printers)See the information provided by Toshiba Tec Corporation listed under [References]affected

Weaknesses

  • CWE-288: Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References