CVE-2024-42420

Q: What is the severity of CVE-2024-42420?

CVE-2024-42420 has a CVSS score of 7.5 (HIGH). Sharp and Toshiba Tec multifunction printers (MFPs) contain out-of-bounds read vulnerabilities in their web interfaces. Attackers can crash affected devices by sending specially crafted HTTP requests containing malicious keyword search inputs or SOAP messages. Organizations using vulnerable Sharp and Toshiba Tec MFP models are affected.

7.5 HIGH

Denial of Service

📋 TL;DR

Sharp and Toshiba Tec multifunction printers (MFPs) contain out-of-bounds read vulnerabilities in their web interfaces. Attackers can crash affected devices by sending specially crafted HTTP requests containing malicious keyword search inputs or SOAP messages. Organizations using vulnerable Sharp and Toshiba Tec MFP models are affected.

💻 Affected Systems

Products:

Sharp MFPs
Toshiba Tec MFPs

Versions: Specific models and firmware versions listed in vendor advisories

Operating Systems: Embedded MFP firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects web interface functionality. Exact model lists available in vendor advisories.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reboot, causing service disruption and potential data loss during printing/scanning operations.

🟠

Likely Case

Temporary denial of service affecting printing/scanning capabilities until device is manually rebooted.

🟢

If Mitigated

Minimal impact if devices are isolated from untrusted networks and patched promptly.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication if devices are exposed to internet.

🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or compromised internal systems, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending crafted HTTP requests to device web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates specified in vendor advisories

Vendor Advisory: https://global.sharp/products/copier/info/info_security_2024-10.html

Restart Required: Yes

Instructions:

1. Check vendor advisories for affected models. 2. Download firmware updates from vendor support portals. 3. Apply firmware updates following vendor instructions. 4. Reboot devices after update completion.

🔧 Temporary Workarounds

Network segmentation

all

Isolate MFPs from untrusted networks and restrict access to management interfaces

Access control

all

Implement firewall rules to restrict HTTP access to MFP management interfaces

🧯 If You Can't Patch

Segment MFPs on isolated VLANs with strict access controls
Disable unnecessary web interface features if supported

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor advisory lists

Check Version:

Check via device web interface or vendor management tools

Verify Fix Applied:

Verify firmware version matches patched versions in vendor advisories

📡 Detection & Monitoring

Log Indicators:

Multiple HTTP requests with malformed parameters to MFP web interface
Device reboot logs following web interface access

Network Indicators:

HTTP requests with unusual keyword search parameters
Malformed SOAP messages to MFP endpoints

SIEM Query:

source_ip=MFP_IP AND (http_uri CONTAINS 'search' OR http_content CONTAINS 'SOAP') AND http_status=500

📊 Metadata

CVE ID: CVE-2024-42420

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

Published: October 25, 2024

Last Updated: November 5, 2024

🔗 References

https://global.sharp/products/copier/info/info_security_2024-10.html Vendor Advisory
https://jvn.jp/en/vu/JVNVU95063136/ Third Party Advisory
https://www.toshibatec.com/information/20241025_01.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Bp 30c25 Firmware by Sharp

Bp 30c25t Firmware by Sharp

Bp 30c25y Firmware by Sharp

Bp 30c25z Firmware by Sharp

Bp 30m28 Firmware by Sharp

Bp 30m28t Firmware by Sharp

Bp 30m31 Firmware by Sharp

Bp 30m31t Firmware by Sharp

Bp 30m35 Firmware by Sharp

Bp 30m35t Firmware by Sharp

Bp 50c26 Firmware by Sharp

Bp 50c31 Firmware by Sharp

Bp 50c36 Firmware by Sharp

Bp 50c45 Firmware by Sharp

Bp 50c55 Firmware by Sharp

Bp 50c65 Firmware by Sharp

Bp 50m26 Firmware by Sharp

Bp 50m31 Firmware by Sharp

Bp 50m36 Firmware by Sharp

Bp 50m45 Firmware by Sharp

Bp 50m50 Firmware by Sharp

Bp 50m55 Firmware by Sharp

Bp 55c26 Firmware by Sharp

Bp 60c31 Firmware by Sharp

Bp 60c36 Firmware by Sharp

Bp 60c45 Firmware by Sharp

Bp 70c31 Firmware by Sharp

Bp 70c36 Firmware by Sharp

Bp 70c45 Firmware by Sharp

Bp 70c55 Firmware by Sharp

Bp 70c65 Firmware by Sharp

Bp 70m31 Firmware by Sharp

Bp 70m36 Firmware by Sharp

Bp 70m45 Firmware by Sharp

Bp 70m55 Firmware by Sharp

Bp 70m65 Firmware by Sharp

Bp 70m75 Firmware by Sharp

Bp 70m90 Firmware by Sharp

Bp 90c70 Firmware by Sharp

Bp 90c80 Firmware by Sharp

Bp B537wr Firmware by Sharp

Bp B540wr Firmware by Sharp

Bp B547wd Firmware by Sharp

Bp B550wd Firmware by Sharp

Bp C533wd Firmware by Sharp

Bp C533wr Firmware by Sharp

Bp C535wd Firmware by Sharp

Bp C535wr Firmware by Sharp

Bp C542wd Firmware by Sharp

Bp C545wd Firmware by Sharp

Dx 2000u Firmware by Sharp

Dx 2500n Firmware by Sharp

Dx C310 Firmware by Sharp

Dx C311 Firmware by Sharp

Dx C311j Firmware by Sharp

Dx C381 Firmware by Sharp

Dx C400 Firmware by Sharp

Dx C401 Firmware by Sharp

Dx C401 J Firmware by Sharp

E Studio1058 Firmware by Toshibatec

E Studio1208 Firmware by Toshibatec

E Studio908 Firmware by Toshibatec

Mx 1810u Firmware by Sharp

Mx 2010u Firmware by Sharp

Mx 2301n Firmware by Sharp

Mx 2310r Firmware by Sharp

Mx 2310u Firmware by Sharp

Mx 2314n Firmware by Sharp

Mx 2314nr Firmware by Sharp

Mx 2600g Firmware by Sharp

Mx 2600n Firmware by Sharp

Mx 2601n Firmware by Sharp

Mx 2610n Firmware by Sharp

Mx 2614n Firmware by Sharp

Mx 2615 A Firmware by Sharp

Mx 2615n Firmware by Sharp

Mx 2616n Firmware by Sharp