CVE-2024-47549

Summary

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.

Affected Software

VendorProductVersion RangeStatus
Sharp CorporationSharp Digital Full-color MFPs and Monochrome MFPssee the information provided by Sharp Corporationaffected
Toshiba Tec Corporatione-STUDIO 908T2.12.h3.00 and earlier versionsaffected
Toshiba Tec Corporatione-STUDIO 1058T1.01.h4.00 and earlier versionsaffected
Toshiba Tec Corporatione-STUDIO 1208T1.01.h4.00 and earlier versionsaffected

Weaknesses

  • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References