Vulnerability Description
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toshibatec | E-Studio1058 Firmware | <= t1.01.h4.00 |
| Toshibatec | E-Studio1058 | - |
| Toshibatec | E-Studio1208 Firmware | <= t1.01.h4.00 |
| Toshibatec | E-Studio1208 | - |
| Toshibatec | E-Studio908 Firmware | <= t2.12.h3.00 |
| Toshibatec | E-Studio908 | - |
| Sharp | Bp-90C70 Firmware | - |
| Sharp | Bp-90C70 | - |
| Sharp | Bp-90C80 Firmware | - |
| Sharp | Bp-90C80 | - |
| Sharp | Bp-70C65 Firmware | - |
| Sharp | Bp-70C65 | - |
| Sharp | Bp-70C55 Firmware | - |
| Sharp | Bp-70C55 | - |
| Sharp | Bp-70C45 Firmware | - |
| Sharp | Bp-70C45 | - |
| Sharp | Bp-70C36 Firmware | - |
| Sharp | Bp-70C36 | - |
| Sharp | Bp-70C31 Firmware | - |
| Sharp | Bp-70C31 | - |
Related Weaknesses (CWE)
References
- https://global.sharp/products/copier/info/info_security_2024-10.htmlVendor Advisory
- https://jvn.jp/en/vu/JVNVU95063136/Third Party Advisory
- https://www.toshibatec.com/information/20241025_01.htmlVendor Advisory
FAQ
What is CVE-2024-47005?
CVE-2024-47005 is a vulnerability with a CVSS score of 8.1 (HIGH). Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some c...
How severe is CVE-2024-47005?
CVE-2024-47005 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-47005?
Check the references section above for vendor advisories and patch information. Affected products include: Toshibatec E-Studio1058 Firmware, Toshibatec E-Studio1058, Toshibatec E-Studio1208 Firmware, Toshibatec E-Studio1208, Toshibatec E-Studio908 Firmware.