CVE-2024-33605

moderate-risk
Published 2024-11-26

Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Do I need to act?

!
54.1% chance of exploitation in next 30 days
EPSS score — higher than 46% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

References (7)

https://global.sharp/products/copier/info/info_security_2024-05.html
https://jp.sharp/business/print/information/info_security_2024-05.html
https://jvn.jp/en/vu/JVNVU93051062/
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
https://www.toshibatec.co.jp/information/20240531_02.html
https://www.toshibatec.com/information/20240531_02.html
http://seclists.org/fulldisclosure/2024/Jul/0
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 18/34 · Moderate
Exposure 5/34 · Minimal