CVE-2024-35244

EUVD-2024-35719
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
jpcertCNA
9.1 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Common Weakness Enumeration
References
https://global.sharp/products/copier/info/info_security_2024-05.html
https://jp.sharp/business/print/information/info_security_2024-05.html
https://jvn.jp/en/vu/JVNVU93051062/
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
https://www.toshibatec.co.jp/information/20240531_02.html
https://www.toshibatec.com/information/20240531_02.html
http://seclists.org/fulldisclosure/2024/Jul/0