CVE-2022-45796
CRITICALSHARP Digital Multifunctional System - OS Command Injection via nw_interface.html
Title source: llmDescription
Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.
References (4)
Core 4
Core References
Mitigation, Vendor Advisory
https://global.sharp/products/copier/info/info_security_2022-11.html
Third Party Advisory
https://jvn.jp/en/vu/JVNVU96195138/index.html
Vendor Advisory
https://zuso.ai/advisory/ZA-2022-01.html
Mailing List mailing-list
http://seclists.org/fulldisclosure/2024/Jul/0
Scores
CVSS v3
9.1
EPSS
0.0323
EPSS Percentile
86.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (50)
sharp/bp-30c25_firmware
sharp/bp-30c25t_firmware
sharp/bp-30c25y_firmware
sharp/bp-30c25z_firmware
sharp/bp-30m28_firmware
sharp/bp-30m28t_firmware
sharp/bp-30m31_firmware
sharp/bp-30m31t_firmware
sharp/bp-30m35_firmware
sharp/bp-30m35t_firmware
... and 40 more
Published
Dec 16, 2022
Tracked Since
Feb 18, 2026