CVE-2024-36251

Summary

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Affected Software

VendorProductVersion RangeStatus
Sharp CorporationMultiple MFPs (multifunction printers)See the information provided by Sharp Corporation listed under [References]affected
Toshiba Tec CorporationMultiple MFPs (multifunction printers)See the information provided by Toshiba Tec Corporation listed under [References]affected

Weaknesses

  • CWE-125: Out-of-bounds read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References