CVE-2024-46873

CRITICAL

SHARP Router - RCE

Title source: llm

Description

Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN61635834/

[Various Sources] https://k-tai.sharp.co.jp/support/info/info083.html

Scores

CVSS v3 9.8

EPSS 0.0055

EPSS Percentile 68.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-489

Status published

Products (6)

Sharp Corporation/home 5G HR02 S5.82.00 and earlier

Sharp Corporation/PocketWifi 809SH 01.00.B9 and earlier

Sharp Corporation/Speed Wi-Fi NEXT W07 02.00.48 and earlier

Sharp Corporation/Wi-Fi STATION SH-05L 01.00.C0 and earlier

Sharp Corporation/Wi-Fi STATION SH-52B S3.87.11 and earlier

Sharp Corporation/Wi-Fi STATION SH-54C S6.60.00 and earlier

Published Dec 23, 2024

Tracked Since Feb 18, 2026