CVE-2024-45842

Summary

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
Sharp CorporationSharp Digital Full-color MFPs and Monochrome MFPssee the information provided by Sharp Corporationaffected
Toshiba Tec Corporatione-STUDIO 908T2.12.h3.00 and earlier versionsaffected
Toshiba Tec Corporatione-STUDIO 1058T1.01.h4.00 and earlier versionsaffected
Toshiba Tec Corporatione-STUDIO 1208T1.01.h4.00 and earlier versionsaffected

Weaknesses

  • CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References