About Multiple Security Vulnerabilities in SHARP Multifunctional Products (MFP)
The following security vulnerabilities were identified and may impact some MFPs that are not properly protected with a strong admin password and/or firewall. The following is a summary of the vulnerabilities, affected models, and countermeasures:
Vulnerability identification number | JVNVU#93051062 (see “Detailed information of the vulnerabilities” below for the CVE numbers) |
---|---|
Affected models and firmware version | See the separate table below. |
Detailed information of the vulnerabilities |
|
Conditions for attacks using these vulnerabilities | For an attacker to successfully attack the MFP using these vulnerabilities, the following conditions must be fulfilled:
|
Possible impacts | If the above conditions are fulfilled, attackers may be able to:
|
Mitigation measures | To mitigate security risks and the command injection vulnerability, protect your MFPs by applying the following countermeasures:
|
Countermeasure | See [Affected models and the status of countermeasures] below. Sharp has released updated firmware that mitigates these vulnerabilities for the models listed in Table 1. For the models listed in Table 2, all firmware versions are affected, but firmware support has ended. Please implement the above mitigation measures, or consider discontinuing use of the product or migrating to a successor model. For details, consult your authorized Sharp service provider. |
Acknowledgment | We truly appreciate the following people who reported these vulnerabilities:
|
Information | JVNVU#93051062: https://jvn.jp/en/vu/JVNVU93051062/index.html CVE:
|
■ Affected models and the status of countermeasures
Table 1: Countermeasure firmware is available for the following models:
Category | Model name | Firmware version affected (see note) * Check the 2nd to 4th digits of the firmware version |
---|---|---|
Digital Full-color Multifunctional System | BP-90C70/BP-90C80 (Possible impact Nos. 1, 2 and 4 are not affected) | “200” or earlier |
Digital Full-color Multifunctional System | BP-70C65/BP-70C55/BP-70C45/ BP-70C36/BP-70C31/ BP-60C45/BP-60C36/BP-60C31/ BP-50C65/BP-50C55/BP-50C45/ BP-50C36/BP-50C31/BP-50C26/ BP-55C26 (Possible impact No. 2 is not affected) | “310” or earlier |
Digital Full-color Multifunctional System | MX-8081/MX-7081 | “150” or earlier |
Digital Full-color Multifunctional System | MX-6071/MX-5071/MX-4071/ MX-3571/MX-3071/ MX-4061/MX-3561/MX-3061/ MX-6051/MX-5051/MX-4051/ MX-3551/MX-3051/MX-2651/ MX-6071S/MX-5071S/MX-4071S/ MX-3571S/MX-3071S MX-4061S/MX-3561S/MX-3061S (Possible impact No. 2 is not affected) | “612” or earlier |
Digital Full-color Multifunctional System | BP-30C25 BP-30C25Y BP-30C25Z BP-30C25T | “123” or earlier |
Digital Full-color Multifunctional System | MX-7580N/MX-6580N | “502” or earlier |
Digital Full-color Multifunctional System | MX-8090N/MX-7090N | “404” or earlier |
Digital Full-color Multifunctional System | MX-6070N/MX-5070N/MX-4070N/ MX-3570N/MX-3070N/ MX-4060N/MX-3560N/MX-3060N/ MX-6070V/MX-5070V/MX-4070V/ MX-3570V/MX-3070V/ MX-4060V/MX-3560V/MX-3060V/ MX-6070N A/MX-4070N A/MX-3070N A MX-6070V A/MX-4070V A/MX-3070V A | “801” or earlier |
Digital Full-color Multifunctional System | MX-6050N/MX-5050N/ MX-4050N/MX-3550N/MX-3050N/ MX-6050V/MX-5050V/ MX-4050V/MX-3550V/MX-3050V/ MX-2630N/ MX-3050N A/ MX-3050V A | “801” or earlier |
Digital Full-color Multifunctional System | MX-C304W/MX-C303W/ MX-C304/MX-C303/ MX-C304WH/MX-C303WH | “512” or earlier |
Digital Full-color Multifunctional System | DX-2500N/DX-2000U (Possible impacts Nos. 2, 4 and 5 are not affected) | “202” or earlier |
Digital Multifunctional System (Monochrome) | BP-70M90/BP-70M75 (Possible impact No. 2 is not affected) | “303” or earlier |
Digital Multifunctional System (Monochrome) | BP-70M65/BP-70M55/BP-70M45/ BP-70M36/BP-70M31/ BP-50M65/BP-50M55/BP-50M45/ BP-50M36/BP-50M31/BP-50M26 (Possible impact No. 2 is not affected) | “310” or earlier |
Digital Multifunctional System (Monochrome) | MX-M1206/MX-M1056 | “113” or earlier |
Digital Multifunctional System (Monochrome) | MX-M7570/MX-M6570 | “455” or earlier |
Digital Multifunctional System (Monochrome) | MX-M6071/MX-M5071/MX-M4071/ MX-M3571/MX-M3071/ MX-M6051/MX-M5051/MX-M4051/ MX-M3551/MX-M3051/MX-M2651/ MX-M3571S/MX-M3071S/ MX-M6071S/MX-M5071S/MX-M4071S (Possible impact No. 2 is not affected) | “412” or earlier |
Digital Multifunctional System (Monochrome) | BP-30M35/BP-30M31/BP-30M28/ BP-30M35T/BP-30M31T/BP-30M28T | “211” or earlier |
Digital Multifunctional System (Monochrome) | MX-B476W/MX-B376W/ MX-B456W/MX-B356W/ MX-B476WH/MX-B376WH/ MX-B456WH/MX-B356WH | “412” or earlier |
Digital Multifunctional System (Monochrome) | MX-M905 | “611” or earlier |
Digital Multifunctional System (Monochrome) | MX-M6070/MX-M5070/MX-M4070/ MX-M3570/MX-M3070/ MX-M6050/MX-M5050/MX-M4050/ MX-M3550/MX-M3050/ MX-M2630/ MX-M6070 A/MX-M4070 A/MX-M3070 A/ MX-M3050 A/ MX-M2630 A | “502” or earlier |
Digital Multifunctional System (Monochrome) | BP-B550WD/BP-B540WR/ BP-B547WD/BP-B537WR (Possible impact No. 2 is not affected) | “250” or earlier |
Digital Multifunctional System (Monochrome) | MX-B455W/MX-B355W/ MX-B455WZ/MX-B355WZ/ MX-B455WT/MX-B355WT | “404” or earlier |
NOTE: Follow these steps to check the firmware version of your MFP. Administrator login is required:
- Select the [Settings] icon from the operation panel.
  - If you are accessing the MFP from a PC within the network, you can access the MFP settings via a web browser by entering its IP address.
- Select the [Status] tab.
  - Select [Firmware version].
- The 16-digit alphanumeric string after “BUNDLE” (two 8-digit alphanumeric strings connected with an underscore) is the firmware version (e.g., 0510Z200_22040400).
Table 2: For the following models, firmware support has ended. Please implement the above mitigation measures or consider discontinuing use of the product or migrating to a successor model:
Category | Model name |
---|---|
Digital Full-color Multifunctional System | MX-7500N/MX-6500N (Possible impact Nos. 2 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-7040N/MX-6240N (Possible impact Nos. 2 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-5141N/MX-5140N/MX-4141N/MX-4140N/ MX-5141N A/MX-4140N A (Possible impact No. 2 is not affected) |
Digital Full-color Multifunctional System | MX-3640N/MX-3140N/MX-2640N/MX-3140N A/ MX-3640NR/MX-3140NR/MX-2640NR (Possible impact Nos. 2 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-3116N/MX-2616N/ MX-3115N/MX-2615N/MX-2615 A (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-5112N/MX-5111N/MX-5110N/MX-4112N/MX-4111N/MX-4110N (Possible impact Nos. 2 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-3610N/MX-3110N/MX-2610N/MX-3110N A/MX-3610NR (Possible impact Nos. 2 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-C301W/MX-C301 (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-2314N/MX-2314NR (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-3111U/MX-2310U/MX-2310R (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-2010U/MX-1810U (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-C401/DX-C401/DX-C401 J/MX-C400/DX-C400/ MX-C381/DX-C381/MX-C380/MX-C381B MX-C312/MX-C311/DX-C311/DX-C311J/MX-C310/DX-C310/ MX-C400P/MX-C380P/ MX-C402SC/MX-C382SC/MX-C382SCB (Possible impacts Nos. 2, 4 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-5001N/MX-5000N/MX-4101N/MX-4100N (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-3100N/MX-3100G/MX-2600N/MX-2600G (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Full-color Multifunctional System | MX-3101N/MX-2601N/MX-2301N (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-M1205/MX-M1055 (Possible impact Nos. 2 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-M1204/MX-M1054/MX-M904 (Possible impact Nos. 2 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-M754N/MX-M654N/MX-M754N A/MX-M654N A (Possible impact No. 2 is not affected) |
Digital Multifunctional System (Monochrome) | MX-M565N/MX-M465N/MX-M365N/ MX-M465N A/MX-M365N A (Possible impact No. 2 is not affected) |
Digital Multifunctional System (Monochrome) | MX-M564N/MX-M464N/MX-M364N/MX-M564N A (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-M356N/MX-M316N/MX-M315N/MX-M356U/MX-M315U/ MX-M266N/MX-M265N/MX-M265U/ MX-M315NE/MX-M265NE/ MX-M356NV/MX-M316NV/MX-M315NV/MX-M356UV/MX-M315UV/ MX-M266NV/MX-M265NV/MX-M265UV/ MX-M315NE/MX-M265NE/MX-M315V/MX-M265V (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-M354N/MX-M314N/MX-M264N/ MX-M354U/MX-M314U/MX-M264U/ MX-M314NV/MX-M264NV/ MX-M354NR/MX-M314NR/MX-M264NR (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-B402/MX-B382/ MX-B402P/MX-B382P/ MX-B402SC/MX-B382SC (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-B401/MX-B381/ MX-B400P/MX-B380P (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-M753N/MX-M753U/MX-M623N/MX-M623U (Possible impact Nos. 2, 4 and 5 are not affected) |
Digital Multifunctional System (Monochrome) | MX-M503N/MX-M453N/MX-M363N/MX-M283N/ MX-M503U/MX-M453U/MX-M363U (Possible impact Nos. 2, 4 and 5 are not affected) |