About Plural Security Vulnerabilities in SHARP Multifunctional Products (MFP)

The following security vulnerabilities were identified and may impact some MFPs that are not properly protected from outside the network with a strong admin password and/or firewall. The following is a summary of the vulnerabilities, affected models, and countermeasures:

Vulnerability identification number JVNVU#95063136 / See the following Detailed Information of the vulnerabilities for the CVE numbers
Affected models and firmware version See the separate table below.
Detailed information of the vulnerabilities
  • CVE-2024-42420: Some device web pages may cause device hang-up due to out-of-bounds memory reference
  • CVE-2024-43424: Some device web pages may cause device hang-up due to out-of-bounds memory reference
  • CVE-2024-45829: Some device web pages may cause device hang-up due to out-of-bounds memory reference
  • CVE-2024-45842: Some device web pages may cause path traversal attacks
  • CVE-2024-47005: Some device web pages have APIs that have improper access control authority
  • CVE-2024-47406: Some device web pages have an alternate path for bypassing authentication mechanism
  • CVE-2024-47549: Some web pages may be able to execute HTTP header injection
  • CVE-2024-47801: Some web pages may cause cross-site scripting attacks
  • CVE-2024-48870: Some web pages may cause cross-site scripting attacks
Condition to enable attacks using this vulnerability To enable attackers to successfully attack the MFP using these vulnerabilities, the following conditions shall be fulfilled:
  • ● The attacker is able to access the corporate network to which the MFP is connected
  • ● The attacker knows the information that users cannot know through normal operation
Possible impacts

If the above conditions are fulfilled, attackers may be able to :

  • 1. hang the MFP up using crafted HTTP request on the MFP web page
  • 2. access part of the MFP functions with unintended authority
  • 3. access to the MFP by bypassing its authentication mechanism on the MFP web page
  • 4. embed a script that may lead to information disclosure, etc. in the MFP web page
Mitigation measures To mitigate the security risks, ensure to protect your MFPs and apply the following countermeasures:
  • ● Change admin password from factory default and manage it appropriately.
  • ● Do not connect MFPs directly to the Internet. Connect them via a firewall or similar network appliance.
  • ● Restrict device web page access via password (enable [System Settings]-[Security Settings]-[Restrict Device Web Page Access Via Password]).
  • ● Monitor the MFP periodically using the Audit Log functionality to see if suspicious access is observed.
If the above countermeasures are not practiced, devices may be accessed by attackers and cause data leakage.
Countermeasure See [Affected models and the status of countermeasures] below. Sharp released updated firmware to mitigate these vulnerabilities for the models listed in Table 1. Regarding the models listed in Table 2, all firmware versions are affected, however, firmware support has ended. Please implement the above mitigation measures or consider discontinuing use of the product or migrating to a successor model. For details, consult your authorized Sharp service providers.
Acknowledgment
Information JVNVU#95063136:
https://jvn.jp/en/vu/JVNVU95063136/index.html
CVE:

■ Affected models and the status of countermeasures

Table 1: Countermeasure firmware is available for the following models:

Category Model name Firmware version affected (see note)
* Check the 2nd to 4th digits of the firmware version
Digital Full-color Multifunctional System BP-90C70/BP-90C80
“210” or earlier
BP-70C65/BP-70C55/BP-70C45/
BP-70C36/BP-70C31/
BP-60C45/BP-60C36/BP-60C31/
BP-50C65/BP-50C55/BP-50C45/
BP-50C36/BP-50C31/BP-50C26/
BP-55C26
“320” or earlier
MX-8081/MX-7081 “160” or earlier
MX-6071/MX-5071/MX-4071/
MX-3571/MX-3071/
MX-4061/MX-3561/MX-3061/
MX-6051/MX-5051/MX-4051/
MX-3551/MX-3051/MX-2651/
MX-6071S/MX-5071S/MX-4071S/
MX-3571S/MX-3071S
MX-4061S/MX-3561S/MX-3061S

“613” or earlier

BP-30C25
BP-30C25Y
BP-30C25Z
BP-30C25T
“130” or earlier
MX-7580N/MX-6580N “503” or earlier
MX-8090N/MX-7090N “405” or earlier
MX-6070N/MX-5070N/MX-4070N/
MX-3570N/MX-3070N/
MX-4060N/MX-3560N/MX-3060N/
MX-6070V/MX-5070V/MX-4070V/
MX-3570V/MX-3070V/
MX-4060V/MX-3560V/MX-3060V/
MX-6070N A/MX-4070N A/MX-3070N A
MX-6070V A/MX-4070V A/MX-3070V A
“802” or earlier
MX-6050N/MX-5050N/
MX-4050N/MX-3550N/MX-3050N/
MX-6050V/MX-5050V/
MX-4050V/MX-3550V/MX-3050V/
MX-2630N/
MX-3050N A/
MX-3050V A
“802” or earlier
BP-C545WD/BP-C542WD/
BP-C535WD/BP-C533WD/
BP-C535WR/BP-C533WR
“262” or earlier
MX-C304W/MX-C303W/
MX-C304/MX-C303/
MX-C304WH/MX-C303WH
“520” or earlier
Digital Multifunctional System (Monochrome) BP-70M90/BP-70M75
“310” or earlier
BP-70M65/BP-70M55/BP-70M45/
BP-70M36/BP-70M31/
BP-50M55/BP-50M50/BP-50M45/
BP-50M36/BP-50M31/BP-50M26
“320” or earlier
MX-M1206/MX-M1056 “200” or earlier
(with Data Security Kit MX-FR66U: “210” or earlier)
MX-M7570/MX-M6570 “456” or earlier
MX-M6071/MX-M5071/MX-M4071/
MX-M3571/MX-M3071/
MX-M6051/MX-M5051/MX-M4051/
MX-M3551/MX-M3051/MX-M2651/
MX-M3571S/MX-M3071S/
MX-M6071S/MX-M5071S/MX-M4071S
“413” or earlier
BP-30M35/BP-30M31/BP-30M28/
BP-30M35T/BP-30M31T/BP-30M28T
“220” or earlier
MX-B476W/MX-B376W/
MX-B456W/MX-B356W/
MX-B476WH/MX-B376WH/
MX-B456WH/MX-B356WH
“413” or earlier
MX-M905 “612” or earlier
MX-M6070/MX-M5070/MX-M4070/
MX-M3570/MX-M3070/
MX-M6050/MX-M5050/MX-M4050/
MX-M3550/MX-M3050/
MX-M2630/
MX-M6070 A/MX-M4070 A/MX-M3070 A/
MX-M3050 A/
MX-M2630 A
“503” or earlier
BP-B550WD/BP-B540WR/
BP-B547WD/BP-B537WR
“260” or earlier
MX-B455W/MX-B355W/
MX-B455WZ/MX-B355WZ/
MX-B455WT/MX-B355WT
“404” or earlier
(with Data Security Kit MX-FR59U: “405” or earlier)

NOTE: Follow the steps to check firmware version of your MFP.
Administrator login is required:

  • ● Select [Settings] icon from the operation panel.
  • If you are accessing the MFP from your PC within the network, you may access the MFP settings via Web browser by entering its IP address.
  • ● Select [Status] tab.
  • Select [Firmware version].
  • ● The 16-digit alphanumeric string after “BUNDLE” (two 8-digit alphanumeric strings connected with an underscore) is the firmware
  • version(e.g., 0510Z200_22040400).

Table 2: For the following models, possible impact Nos. 2 and 3 are not affected. Since the firmware support for these models has ended, please implement the above mitigation measures or consider discontinuing use of the product or migrating to a successor model:

Category Model name
Digital Full-color Multifunctional System MX-7500N/MX-6500N
MX-7040N/MX-6240N
MX-5141N/MX-5140N/MX-4141N/MX-4140N/
MX-5141N A/MX-4140N A
MX-3640N/MX-3140N/MX-2640N/MX-3140N A/
MX-3640NR/MX-3140NR/MX-2640NR
MX-3116N/MX-2616N/
MX-3115N/MX-2615N/MX-2615 A
MX-5112N/MX-5111N/MX-5110N/MX-4112N/MX-4111N/MX-4110N
MX-3610N/MX-3110N/MX-2610N/MX-3110N A/MX-3610NR
MX-C301W/MX-C301
MX-3114N/MX-2614N
MX-2314N/MX-2314NR
MX-3111U/MX-2310U/MX-2310R
MX-2010U/MX-1810U
MX-C401/DX-C401/DX-C401 J/MX-C400/DX-C400/
MX-C381/DX-C381/MX-C380/MX-C381B
MX-C312/MX-C311/DX-C311/DX-C311J/MX-C310/DX-C310/
MX-C400P/MX-C380P/
MX-C402SC/MX-C382SC/MX-C382SCB
MX-5001N/MX-5000N/MX-4101N/MX-4100N
MX-3100N/MX-3100G/MX-2600N/MX-2600G
MX-3101N/MX-2601N/MX-2301N
DX-2500N/DX-2000U
Digital Multifunctional System (Monochrome) MX-M1205/MX-M1055
MX-M1204/MX-M1054/MX-M904
MX-M754N/MX-M654N/MX-M754N A/MX-M654N A
MX-M565N/MX-M465N/MX-M365N/
MX-M465N A/MX-M365N A
MX-M564N/MX-M464N/MX-M364N/MX-M564N A
MX-M356N/MX-M316N/MX-M315N/MX-M356U/MX-M315U/
MX-M266N/MX-M265N/MX-M265U/
MX-M315NE/MX-M265NE/
MX-M356NV/MX-M316NV/MX-M315NV/MX-M356UV/MX-M315UV/
MX-M266NV/MX-M265NV/MX-M265UV/
MX-M315NE/MX-M265NE/MX-M315V/MX-M265V
MX-M354N/MX-M314N/MX-M264N/
MX-M354U/MX-M314U/MX-M264U/
MX-M314NV/MX-M264NV/
MX-M354NR/MX-M314NR/MX-M264NR
MX-B402/MX-B382/
MX-B402P/MX-B382P/
MX-B402SC/MX-B382SC
MX-B401/MX-B381/
MX-B400P/MX-B380P
MX-M753N/MX-M753U/MX-M623N/MX-M623U
MX-M503N/MX-M453N/MX-M363N/MX-M283N/
MX-M503U/MX-M453U/MX-M363U