Vulnerability Description
Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toshibatec | E-Studio1058 Firmware | <= t1.01.h4.00 |
| Toshibatec | E-Studio1058 | - |
| Toshibatec | E-Studio1208 Firmware | <= t1.01.h4.00 |
| Toshibatec | E-Studio1208 | - |
| Toshibatec | E-Studio908 Firmware | <= t2.12.h3.00 |
| Toshibatec | E-Studio908 | - |
| Sharp | Bp-90C70 Firmware | - |
| Sharp | Bp-90C70 | - |
| Sharp | Bp-90C80 Firmware | - |
| Sharp | Bp-90C80 | - |
| Sharp | Bp-70C65 Firmware | - |
| Sharp | Bp-70C65 | - |
| Sharp | Bp-70C55 Firmware | - |
| Sharp | Bp-70C55 | - |
| Sharp | Bp-70C45 Firmware | - |
| Sharp | Bp-70C45 | - |
| Sharp | Bp-70C36 Firmware | - |
| Sharp | Bp-70C36 | - |
| Sharp | Bp-70C31 Firmware | - |
| Sharp | Bp-70C31 | - |
Related Weaknesses (CWE)
References
- https://global.sharp/products/copier/info/info_security_2024-10.htmlVendor Advisory
- https://jvn.jp/en/vu/JVNVU95063136/Third Party Advisory
- https://www.toshibatec.com/information/20241025_01.htmlVendor Advisory
FAQ
What is CVE-2024-42420?
CVE-2024-42420 is a vulnerability with a CVSS score of 7.5 (HIGH). Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may ...
How severe is CVE-2024-42420?
CVE-2024-42420 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-42420?
Check the references section above for vendor advisories and patch information. Affected products include: Toshibatec E-Studio1058 Firmware, Toshibatec E-Studio1058, Toshibatec E-Studio1208 Firmware, Toshibatec E-Studio1208, Toshibatec E-Studio908 Firmware.