CVE-2022-45796

high-risk
Published 2022-12-16

Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.

Do I need to act?

~
1.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Bp-30C25 Firmware
Bp-30C25T Firmware
Bp-30C25Y Firmware
Bp-30C25Z Firmware
Bp-30M28 Firmware
Bp-30M28T Firmware
Bp-30M31 Firmware
Bp-30M31T Firmware
Bp-30M35 Firmware
Bp-30M35T Firmware
Bp-50C26 Firmware
Bp-50C31 Firmware
Bp-50C36 Firmware
Bp-50C45 Firmware
Bp-50C55 Firmware
Bp-50C65 Firmware
Bp-50M26 Firmware
Bp-50M31 Firmware
Bp-50M36 Firmware
Bp-50M45 Firmware

Affected Vendors

Sharp

References (8)

http://seclists.org/fulldisclosure/2024/Jul/0
Mitigation https://global.sharp/products/copier/info/info_security_2022-11.html
https://jvn.jp/en/vu/JVNVU96195138/index.html
https://zuso.ai/advisory/ZA-2022-01.html
http://seclists.org/fulldisclosure/2024/Jul/0
Mitigation https://global.sharp/products/copier/info/info_security_2022-11.html
https://jvn.jp/en/vu/JVNVU96195138/index.html
https://zuso.ai/advisory/ZA-2022-01.html
69
/ 100
high-risk
Severity 31/34 · Critical
Exploitability 5/34 · Minimal
Exposure 33/34 · Critical