CVE-2024-36249 HIGH

CVE-2024-36249

Vendor Sharp Corporation

Product Multiple MFPs (multifunction printers)

Weakness CWE-79 · XSS

Published November 26, 2024

Last update November 26, 2024

View on NVD All CVEs

CVSS base score

7.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Key dates

02Disclosure timeline

November 26, 2024 CVE published

November 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-36249 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2024-36249

CWE CWE-79

CVSS 7.4 / HIGH

Affected versions

Vendor Sharp Corporation

Product Multiple MFPs (multifunction printers)

Affected See the information provided by Sharp Corporation listed under [References]

Vendor Toshiba Tec Corporation

Product Multiple MFPs (multifunction printers)

Affected See the information provided by Toshiba Tec Corporation listed under [References]

CVE-2024-36249

01Description

02Disclosure timeline

03References

04Related CVE