Strix
26.1K

CVE-2024-47549

MEDIUMCVSS 6.1/10EPSS 0.34%

Last modified

CVE-2024-47549 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.

Description

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.

Metrics

CVSS 3.1
6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.34%

25.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ToshibatecE-Studio1058 Firmware<= t1.01.h4.00
ToshibatecE-Studio1208 Firmware<= t1.01.h4.00
ToshibatecE-Studio908 Firmware<= t2.12.h3.00
SharpBp-90c70 FirmwareAll versions
SharpBp-90c80 FirmwareAll versions
SharpBp-70c65 FirmwareAll versions
SharpBp-70c55 FirmwareAll versions
SharpBp-70c45 FirmwareAll versions
SharpBp-70c36 FirmwareAll versions
SharpBp-70c31 FirmwareAll versions
SharpBp-60c45 FirmwareAll versions
SharpBp-60c36 FirmwareAll versions
SharpBp-60c31 FirmwareAll versions
SharpBp-50c65 FirmwareAll versions
SharpBp-50c55 FirmwareAll versions
SharpBp-50c45 FirmwareAll versions
SharpBp-50c36 FirmwareAll versions
SharpBp-50c31 FirmwareAll versions
SharpBp-50c26 FirmwareAll versions
SharpBp-55c26 FirmwareAll versions
SharpMx-8081 FirmwareAll versions
SharpMx-7081 FirmwareAll versions
SharpMx-6071 FirmwareAll versions
SharpMx-5071 FirmwareAll versions
SharpMx-4071 FirmwareAll versions
SharpMx-3571 FirmwareAll versions
SharpMx-3071 FirmwareAll versions
SharpMx-4061 FirmwareAll versions
SharpMx-3561 FirmwareAll versions
SharpMx-3061 FirmwareAll versions
SharpMx-6051 FirmwareAll versions
SharpMx-5051 FirmwareAll versions
SharpMx-4051 FirmwareAll versions
SharpMx-3551 FirmwareAll versions
SharpMx-3051 FirmwareAll versions
SharpMx-2651 FirmwareAll versions
SharpMx-6071s FirmwareAll versions
SharpMx-5071s FirmwareAll versions
SharpMx-4071s FirmwareAll versions
SharpMx-3571s FirmwareAll versions
SharpMx-3071s FirmwareAll versions
SharpMx-4061s FirmwareAll versions
SharpMx-3561s FirmwareAll versions
SharpMx-3061s FirmwareAll versions
SharpBp-30c25 FirmwareAll versions
SharpBp-30c25y FirmwareAll versions
SharpBp-30c25z FirmwareAll versions
SharpBp-30c25t FirmwareAll versions
SharpMx-7580n FirmwareAll versions
SharpMx-6580n FirmwareAll versions

Showing 50 of 320 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-47549?
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
How severe is CVE-2024-47549?
CVE-2024-47549 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.34% probability of exploitation in the next 30 days.
How do I fix CVE-2024-47549?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-47549?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST