CVE-2024-33605
📋 TL;DR
A path traversal vulnerability in the embedded web interface of Sharp and Toshiba Tec multifunction printers (MFPs) lets an attacker read arbitrary files from the device by manipulating the query parameters of the installed_emanual_list.html endpoint. Organizations running vulnerable Sharp and Toshiba MFP models are affected. Files reachable this way may include configuration data, credentials the device stores for the services it connects to, and other system information.
💻 Affected Systems
- Sharp multifunction printers
- Toshiba multifunction printers
⚠️ Manual Verification Required
This CVE entry carries no affected-version ranges in our database, so automated detection cannot tell whether a given device is affected.
Why? NVD provides no version ranges for this CVE; the vendor advisories linked below identify affected products by model and fixed firmware level instead, so the check has to be done per device.
- Review the CVE details at NVD
- Check the vendor security advisories for your specific model and firmware level
- Test whether the endpoint is exploitable in your environment (only on devices you are authorized to test)
- Update to the latest firmware as a precaution even if the model is not listed
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary file read on the MFP yields administrative credentials and the credentials the device stores for directory, mail and file-share services it connects to; an attacker reuses those to move laterally into the connected network and also pulls documents cached on the device's storage.
Likely Case
Unauthorized read access to sensitive files on the MFP, including configuration files, logs and potentially stored documents, resulting in information disclosure.
If Mitigated
Limited impact: with the web interface reachable only from an administrative subnet, an external attacker cannot reach the vulnerable endpoint, and the exposure is confined to whoever already has network access to the MFP.
🎯 Exploit Status
The vulnerability is publicly documented, with proof-of-concept details in Pierre Kim's advisory and the Full Disclosure post linked below. Path traversal bugs of this kind are routinely exploited and require minimal skill, typically a single crafted HTTP request.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by model - check vendor-specific firmware updates
Vendor Advisory: https://global.sharp/products/copier/info/info_security_2024-05.html
Restart Required: Yes
Instructions:
1. Identify affected MFP models using the vendor advisories.
2. Download the latest firmware from the vendor support sites.
3. Apply the firmware update following the vendor instructions.
4. Verify that the update completed and restart the devices.
🔧 Temporary Workarounds
Network Access Restriction
Block access to the MFP web interface from outside the administrative subnet. The rules below belong on a Linux firewall or router that sits in the path to the MFP (the MFP itself has no iptables), which is why they go in the FORWARD chain with the MFP as destination rather than in INPUT. Replace 192.168.1.0/24 with your admin subnet and 192.168.1.50 with the MFP address, and insert them ahead of any existing ACCEPT rules (-I rather than -A) so they actually take effect. Note the negation goes before -s; the older "-s ! addr" form is deprecated.
iptables -I FORWARD -p tcp -d 192.168.1.50 --dport 80 ! -s 192.168.1.0/24 -j DROP
iptables -I FORWARD -p tcp -d 192.168.1.50 --dport 443 ! -s 192.168.1.0/24 -j DROP
Disable Remote Management
Turn off the web interface on the MFP if it is not needed, or restrict it to the local management network only.
🧯 If You Can't Patch
- Segment MFPs on isolated network VLANs with strict access controls
- Put a reverse proxy or WAF in front of the MFP web interface and reject requests to /installed_emanual_list.html whose parameters contain traversal sequences, including percent-encoded forms (%2e%2e%2f) and backslash variants, not just the literal "../"
🔍 How to Verify
Check if Vulnerable:
Request http://[MFP_IP]/installed_emanual_list.html?file=../../../../etc/passwd and check whether the contents of a file outside the web root are returned. Confirm the exact parameter name and payload against the referenced advisories, since the NVD entry does not name them, and test only devices you are authorized to assess. A 200 response without file content is inconclusive, not proof of safety: the device's embedded OS may simply not have that file.
Check Version:
Read the firmware version in the MFP web interface (for example under Settings > System Information; menu names vary by model) and compare it with the fixed level in the vendor advisory for that model.
Verify Fix Applied:
Repeat the same request after patching; it should return an error or the normal page rather than the requested file.
📡 Detection & Monitoring
Log Indicators:
- Repeated requests to installed_emanual_list.html whose query contains ../ or its percent-encoded forms (%2e%2e%2f, ..%5c)
- Unusual file access patterns from external IPs
Network Indicators:
- HTTP requests to MFP web interfaces containing '..' or '../' sequences, including percent-encoded variants
- Traffic to MFPs from unexpected external sources
SIEM Query:
source="mfp_logs" AND uri="*installed_emanual_list.html*" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e*" OR uri="*..%2f*" OR uri="*..%5c*")
Note that wildcard matching on the raw URI still misses double-encoded payloads (%252e%252e); where the SIEM can URL-decode the field first, match the decoded value instead.
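The log indicators above, run over sample lines as an added Python example (not from any vendor or SIEM product). It assumes the log is in Combined Log Format as written by a reverse proxy or IDS sensor in front of the MFP (the devices' own log format may differ), and the sample lines are constructed. It percent-decodes before matching so that the encoded and backslash variants the SIEM query can miss are caught, and it records whether the device answered 2xx (possible disclosure) or refused the request.

```python
"""Flag traversal attempts against installed_emanual_list.html in HTTP
access logs. Added example; not from a vendor or SIEM product.

Assumptions: Combined Log Format from a proxy or IDS in front of the MFP;
SAMPLE_LOG below is constructed.
"""
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET = "/installed_emanual_list.html"
# ".." followed by a separator or end of string, checked after decoding and
# folding backslashes; also catches "....//" strip-once evasions.
TRAVERSAL = re.compile(r"\.\.(?:/|$)")


def normalise_uri(uri):
    """Percent-decode until stable (handles %2e%2e%2f and double encoding),
    then fold backslashes to slashes so one pattern covers ..\\ variants."""
    prev, cur = None, uri
    while cur != prev:
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def is_traversal_attempt(uri):
    """True when the request targets the vulnerable page and the decoded
    URI contains a parent-directory step anywhere."""
    dec = normalise_uri(uri)
    path = dec.split("?", 1)[0].lower()
    if not path.endswith(TARGET):
        return False
    return TRAVERSAL.search(dec) is not None


def scan(lines):
    """One alert per suspicious line: source, timestamp, decoded URI, status
    and whether the device served the request or refused it."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than crash
        if not is_traversal_attempt(m.group("uri")):
            continue
        status = int(m.group("status"))
        alerts.append({
            "src": m.group("src"),
            "ts": m.group("ts"),
            "uri": normalise_uri(m.group("uri")),
            "status": status,
            "outcome": "possible_disclosure" if status < 300 else "refused",
        })
    return alerts


def per_source_counts(alerts):
    """Count alerts per source IP so repeated probing from one host stands out."""
    counts = {}
    for a in alerts:
        counts[a["src"]] = counts.get(a["src"], 0) + 1
    return counts


# Constructed sample: two probes from an external host (plain and
# percent-encoded), a backslash variant that was refused, normal manual
# downloads from an internal client, and traversal against an unrelated page.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jun/2024:10:01:02 +0000] "GET /installed_emanual_list.html?file=../../../../etc/passwd HTTP/1.1" 200 1834 "-" "curl/8.4.0"',
    '203.0.113.7 - - [27/Jun/2024:10:01:05 +0000] "GET /installed_emanual_list.html?file=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200 920 "-" "curl/8.4.0"',
    '192.168.1.20 - - [27/Jun/2024:10:02:00 +0000] "GET /installed_emanual_list.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.168.1.20 - - [27/Jun/2024:10:02:10 +0000] "GET /installed_emanual_list.html?file=manual_en.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [27/Jun/2024:10:05:00 +0000] "GET /other.html?p=../../etc/passwd HTTP/1.1" 404 120 "-" "python-requests/2.31"',
    '203.0.113.7 - - [27/Jun/2024:10:06:30 +0000] "GET /installed_emanual_list.html?file=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 403 220 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(a)
    print(per_source_counts(found))
```

The unrelated-page traversal on line 5 is deliberately not flagged here; a general traversal rule belongs in a separate, broader detection so that this one stays specific to the CVE and keeps a low false-positive rate.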
🔗 References
- https://global.sharp/products/copier/info/info_security_2024-05.html
- https://jp.sharp/business/print/information/info_security_2024-05.html
- https://jvn.jp/en/vu/JVNVU93051062/
- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
- https://www.toshibatec.co.jp/information/20240531_02.html
- https://www.toshibatec.com/information/20240531_02.html
- http://seclists.org/fulldisclosure/2024/Jul/0