CVE-2024-47005

Summary

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs.

Affected Software

VendorProductVersion RangeStatus
Sharp CorporationSharp Digital Full-color MFPs and Monochrome MFPssee the information provided by Sharp Corporationaffected
Toshiba Tec Corporatione-STUDIO 908T2.12.h3.00 and earlier versionsaffected
Toshiba Tec Corporatione-STUDIO 1058T1.01.h4.00 and earlier versionsaffected
Toshiba Tec Corporatione-STUDIO 1208T1.01.h4.00 and earlier versionsaffected

Weaknesses

  • CWE-749: Exposed dangerous method or function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References