CVE-2024-33610
📋 TL;DR
This vulnerability allows unauthenticated attackers to access two sensitive web pages on affected Sharp and Toshiba multifunction printers. Attackers can view active user session cookies (potentially enabling session hijacking) and reboot devices remotely. Organizations using affected Sharp and Toshiba MFP models are impacted.
💻 Affected Systems
- Sharp MX/MX-M series multifunction printers
- Toshiba e-STUDIO series multifunction printers
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal active session cookies, hijack authenticated sessions, access sensitive documents, and perform unauthorized reboots, disrupting business operations.
Likely Case
Unauthenticated attackers reboot devices causing temporary service disruption and potentially view session information of logged-in users.
If Mitigated
With proper network segmentation and access controls, impact is limited to internal network disruption only.
🎯 Exploit Status
Simple HTTP requests to /sessionlist.html and /sys_trayentryreboot.html endpoints. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by model - check vendor advisories
Vendor Advisory: https://global.sharp/products/copier/info/info_security_2024-05.html
Restart Required: Yes
Instructions:
1. Identify affected models using vendor advisories.
2. Download the latest firmware from the vendor support portal.
3. Apply the firmware update via the web interface or USB.
4. Reboot the device after the update.
🔧 Temporary Workarounds
Network Access Control
Restrict access to printer web interfaces using firewall rules
Disable Web Interface
Turn off the web management interface if it is not required
🧯 If You Can't Patch
- Segment printers to isolated VLAN with strict access controls
- Implement network monitoring for access to /sessionlist.html and /sys_trayentryreboot.html endpoints
🔍 How to Verify
Check if Vulnerable:
Attempt HTTP GET requests to http://<printer-ip>/sessionlist.html and http://<printer-ip>/sys_trayentryreboot.html without authentication
Check Version:
Check firmware version via printer web interface or control panel
Verify Fix Applied:
After patching, verify that the same endpoints now return an authentication challenge or a 404 error instead of content
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access to /sessionlist.html or /sys_trayentryreboot.html in web server logs
- Multiple reboot events in system logs
Network Indicators:
- HTTP GET requests to vulnerable endpoints from unauthorized IPs
- Unusual session cookie harvesting patterns
SIEM Query:
source="printer_logs" AND (url="/sessionlist.html" OR url="/sys_trayentryreboot.html") AND auth_status="failed"
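As an added illustration of the log indicators above (example code, not part of the original advisory or any vendor tooling), the checker below scans constructed Common Log Format lines for the two endpoints served without an authenticated user and for repeated reboot requests from one source; the MFP's actual log format, and "-" in the user field meaning "unauthenticated", are assumptions.

```python
import re
from datetime import datetime, timedelta

# Endpoints named in CVE-2024-33610 (taken from the advisory text above).
WATCHED_PATHS = {"/sessionlist.html", "/sys_trayentryreboot.html"}
# Constructed sample lines in Common Log Format. The real MFP log format, and
# "-" in the user field meaning "no authenticated user", are assumptions.
SAMPLE_LOG = """\
10.0.5.23 - - [27/Jun/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1422
10.0.5.99 - - [27/Jun/2024:10:01:05 +0000] "GET /sessionlist.html HTTP/1.1" 200 812
10.0.5.99 - - [27/Jun/2024:10:01:09 +0000] "GET /sys_trayentryreboot.html HTTP/1.1" 200 301
10.0.5.10 - admin [27/Jun/2024:10:02:00 +0000] "GET /sessionlist.html HTTP/1.1" 200 812
10.0.5.99 - - [27/Jun/2024:10:03:15 +0000] "GET /sys_trayentryreboot.html?x=1 HTTP/1.1" 200 301
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one CLF line into a dict (timestamp as datetime, query string dropped), or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # so /sessionlist.html?x=1 still matches
    return rec

def find_unauthenticated_hits(log_text):
    """(ip, path, timestamp) for every watched endpoint served (2xx) with no authenticated user."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["path"] in WATCHED_PATHS
                and rec["user"] == "-" and rec["status"].startswith("2")):
            hits.append((rec["ip"], rec["path"], rec["ts"].isoformat()))
    return hits

def reboot_sources(log_text, window=timedelta(minutes=5)):
    """Source IPs that hit the reboot endpoint twice within `window` (a reboot burst)."""
    times = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] == "/sys_trayentryreboot.html":
            times.setdefault(rec["ip"], []).append(rec["ts"])
    return sorted(ip for ip, st in times.items()
                  if any(b - a <= window for a, b in zip(sorted(st), sorted(st)[1:])))
```

Feed the functions your own exported web-server log text in place of SAMPLE_LOG; each unauthenticated hit returned is worth correlating with the reboot events in the system log.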
🔗 References
- https://global.sharp/products/copier/info/info_security_2024-05.html
- https://jp.sharp/business/print/information/info_security_2024-05.html
- https://jvn.jp/en/vu/JVNVU93051062/
- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
- https://www.toshibatec.co.jp/information/20240531_02.html
- https://www.toshibatec.com/information/20240531_02.html
- http://seclists.org/fulldisclosure/2024/Jul/0