#VU70411 Command Injection in Sharp Corporation Hardware solutions


Published: 2022-12-19

Vulnerability identifier: #VU70411

Vulnerability risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45796

CWE-ID: CWE-77

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
BP-70C65
Hardware solutions / Office equipment, IP-phones, print servers
BP-70C55
Hardware solutions / Office equipment, IP-phones, print servers
BP-70C45
Hardware solutions / Office equipment, IP-phones, print servers
BP-70C36
Hardware solutions / Office equipment, IP-phones, print servers
BP-70C31
Hardware solutions / Office equipment, IP-phones, print servers
BP-60C45
Hardware solutions / Office equipment, IP-phones, print servers
BP-60C36
Hardware solutions / Office equipment, IP-phones, print servers
BP-60C31
Hardware solutions / Office equipment, IP-phones, print servers
BP-50C65
Hardware solutions / Office equipment, IP-phones, print servers
BP-50C55
Hardware solutions / Office equipment, IP-phones, print servers
BP-50C45
Hardware solutions / Office equipment, IP-phones, print servers
BP-50C36
Hardware solutions / Office equipment, IP-phones, print servers
BP-50C31
Hardware solutions / Office equipment, IP-phones, print servers
BP-50C26
Hardware solutions / Office equipment, IP-phones, print servers
BP-55C26
Hardware solutions / Office equipment, IP-phones, print servers
MX-8081
Hardware solutions / Office equipment, IP-phones, print servers
MX-7081
Hardware solutions / Office equipment, IP-phones, print servers
MX-6071
Hardware solutions / Office equipment, IP-phones, print servers
MX-5071
Hardware solutions / Office equipment, IP-phones, print servers
MX-4071
Hardware solutions / Office equipment, IP-phones, print servers
MX-3571
Hardware solutions / Office equipment, IP-phones, print servers
MX-3071
Hardware solutions / Office equipment, IP-phones, print servers
MX-4061
Hardware solutions / Office equipment, IP-phones, print servers
MX-3561
Hardware solutions / Office equipment, IP-phones, print servers
MX-3061
Hardware solutions / Office equipment, IP-phones, print servers
MX-6051
Hardware solutions / Office equipment, IP-phones, print servers
MX-5051
Hardware solutions / Office equipment, IP-phones, print servers
MX-4051
Hardware solutions / Office equipment, IP-phones, print servers
MX-3551
Hardware solutions / Office equipment, IP-phones, print servers
MX-3051
Hardware solutions / Office equipment, IP-phones, print servers
MX-2651
Hardware solutions / Office equipment, IP-phones, print servers
MX-6071S
Hardware solutions / Office equipment, IP-phones, print servers
MX-5071S
Hardware solutions / Office equipment, IP-phones, print servers
MX-4071S
Hardware solutions / Office equipment, IP-phones, print servers
MX-3571S
Hardware solutions / Office equipment, IP-phones, print servers
MX-3071S
Hardware solutions / Office equipment, IP-phones, print servers
MX-4061S
Hardware solutions / Office equipment, IP-phones, print servers
MX-3561S
Hardware solutions / Office equipment, IP-phones, print servers
MX-3061S
Hardware solutions / Office equipment, IP-phones, print servers
BP-30C25
Hardware solutions / Office equipment, IP-phones, print servers
BP-30C25Y
Hardware solutions / Office equipment, IP-phones, print servers
BP-30C25Z
Hardware solutions / Office equipment, IP-phones, print servers
BP-30C25T
Hardware solutions / Office equipment, IP-phones, print servers
MX-7580N
Hardware solutions / Office equipment, IP-phones, print servers
MX-6580N
Hardware solutions / Office equipment, IP-phones, print servers
MX-8090N
Hardware solutions / Office equipment, IP-phones, print servers
MX-7090N
Hardware solutions / Office equipment, IP-phones, print servers
MX-6070N
Hardware solutions / Office equipment, IP-phones, print servers
MX-5070N
Hardware solutions / Office equipment, IP-phones, print servers
MX-4070N
Hardware solutions / Office equipment, IP-phones, print servers
MX-3570N
Hardware solutions / Office equipment, IP-phones, print servers
MX-3070N
Hardware solutions / Office equipment, IP-phones, print servers
MX-4060N
Hardware solutions / Office equipment, IP-phones, print servers
MX-3560N
Hardware solutions / Office equipment, IP-phones, print servers
MX-3060N
Hardware solutions / Office equipment, IP-phones, print servers
MX-6070V
Hardware solutions / Office equipment, IP-phones, print servers
MX-5070V
Hardware solutions / Office equipment, IP-phones, print servers
MX-4070V
Hardware solutions / Office equipment, IP-phones, print servers
MX-3570V
Hardware solutions / Office equipment, IP-phones, print servers
MX-3070V
Hardware solutions / Office equipment, IP-phones, print servers
MX-4060V
Hardware solutions / Office equipment, IP-phones, print servers
MX-3560V
Hardware solutions / Office equipment, IP-phones, print servers
MX-3060V
Hardware solutions / Office equipment, IP-phones, print servers
MX-6070N A
Hardware solutions / Office equipment, IP-phones, print servers
MX-4070N A
Hardware solutions / Office equipment, IP-phones, print servers
MX-3070N A
Hardware solutions / Office equipment, IP-phones, print servers
MX-6070V A
Hardware solutions / Office equipment, IP-phones, print servers
MX-4070V A
Hardware solutions / Office equipment, IP-phones, print servers
MX-3070V A
Hardware solutions / Office equipment, IP-phones, print servers
MX-6050N
Hardware solutions / Office equipment, IP-phones, print servers
MX-5050N
Hardware solutions / Office equipment, IP-phones, print servers
MX-4050N
Hardware solutions / Office equipment, IP-phones, print servers
MX-3550N
Hardware solutions / Office equipment, IP-phones, print servers
MX-3050N
Hardware solutions / Office equipment, IP-phones, print servers
MX-6050V
Hardware solutions / Office equipment, IP-phones, print servers
MX-5050V
Hardware solutions / Office equipment, IP-phones, print servers
MX-4050V
Hardware solutions / Office equipment, IP-phones, print servers
MX-3550V
Hardware solutions / Office equipment, IP-phones, print servers
MX-3050V
Hardware solutions / Office equipment, IP-phones, print servers
MX-2630N
Hardware solutions / Office equipment, IP-phones, print servers
MX-3050N A
Hardware solutions / Office equipment, IP-phones, print servers
MX-3050V A
Hardware solutions / Office equipment, IP-phones, print servers
MX-C304W
Hardware solutions / Office equipment, IP-phones, print servers
MX-C303W
Hardware solutions / Office equipment, IP-phones, print servers
MX-C304
Hardware solutions / Office equipment, IP-phones, print servers
MX-C303
Hardware solutions / Office equipment, IP-phones, print servers
MX-C304WH
Hardware solutions / Office equipment, IP-phones, print servers
MX-C303WH
Hardware solutions / Office equipment, IP-phones, print servers
BP-70M90
Hardware solutions / Office equipment, IP-phones, print servers
BP-70M75
Hardware solutions / Office equipment, IP-phones, print servers
BP-70M65
Hardware solutions / Office equipment, IP-phones, print servers
BP-70M55
Hardware solutions / Office equipment, IP-phones, print servers
BP-70M45
Hardware solutions / Office equipment, IP-phones, print servers
BP-70M36
Hardware solutions / Office equipment, IP-phones, print servers
BP-70M31
Hardware solutions / Office equipment, IP-phones, print servers
BP-50M55
Hardware solutions / Office equipment, IP-phones, print servers
BP-50M50
Hardware solutions / Office equipment, IP-phones, print servers
BP-50M45
Hardware solutions / Office equipment, IP-phones, print servers
BP-50M36
Hardware solutions / Office equipment, IP-phones, print servers
BP-50M31
Hardware solutions / Office equipment, IP-phones, print servers
BP-50M26
Hardware solutions / Office equipment, IP-phones, print servers
MX-M1206
Hardware solutions / Office equipment, IP-phones, print servers
MX-M1056
Hardware solutions / Office equipment, IP-phones, print servers
MX-M7570
Hardware solutions / Office equipment, IP-phones, print servers
MX-M6570
Hardware solutions / Office equipment, IP-phones, print servers
MX-M6071
Hardware solutions / Office equipment, IP-phones, print servers
MX-M5071
Hardware solutions / Office equipment, IP-phones, print servers
MX-M4071
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3571
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3071
Hardware solutions / Office equipment, IP-phones, print servers
MX-M6051
Hardware solutions / Office equipment, IP-phones, print servers
MX-M5051
Hardware solutions / Office equipment, IP-phones, print servers
MX-M4051
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3551
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3051
Hardware solutions / Office equipment, IP-phones, print servers
MX-M2651
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3571S
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3071S
Hardware solutions / Office equipment, IP-phones, print servers
MX-M6071S
Hardware solutions / Office equipment, IP-phones, print servers
MX-M5071S
Hardware solutions / Office equipment, IP-phones, print servers
MX-M4071S
Hardware solutions / Office equipment, IP-phones, print servers
BP-30M35
Hardware solutions / Office equipment, IP-phones, print servers
BP-30M31
Hardware solutions / Office equipment, IP-phones, print servers
BP-30M28
Hardware solutions / Office equipment, IP-phones, print servers
BP-30M35T
Hardware solutions / Office equipment, IP-phones, print servers
BP-30M31T
Hardware solutions / Office equipment, IP-phones, print servers
BP-30M28T
Hardware solutions / Office equipment, IP-phones, print servers
MX-B476W
Hardware solutions / Office equipment, IP-phones, print servers
MX-B376W
Hardware solutions / Office equipment, IP-phones, print servers
MX-B456W
Hardware solutions / Office equipment, IP-phones, print servers
MX-B356W
Hardware solutions / Office equipment, IP-phones, print servers
MX-B476WH
Hardware solutions / Office equipment, IP-phones, print servers
MX-B376WH
Hardware solutions / Office equipment, IP-phones, print servers
MX-B456WH
Hardware solutions / Office equipment, IP-phones, print servers
MX-B356WH
Hardware solutions / Office equipment, IP-phones, print servers
MX-M905
Hardware solutions / Office equipment, IP-phones, print servers
MX-M6070
Hardware solutions / Office equipment, IP-phones, print servers
MX-M5070
Hardware solutions / Office equipment, IP-phones, print servers
MX-M4070
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3570
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3070
Hardware solutions / Office equipment, IP-phones, print servers
MX-M6050
Hardware solutions / Office equipment, IP-phones, print servers
MX-M5050
Hardware solutions / Office equipment, IP-phones, print servers
MX-M4050
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3550
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3050
Hardware solutions / Office equipment, IP-phones, print servers
MX-M2630
Hardware solutions / Office equipment, IP-phones, print servers
MX-M6070 A
Hardware solutions / Office equipment, IP-phones, print servers
MX-M4070 A
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3070 A
Hardware solutions / Office equipment, IP-phones, print servers
MX-M3050 A
Hardware solutions / Office equipment, IP-phones, print servers
MX-M2630 A
Hardware solutions / Office equipment, IP-phones, print servers
MX-B455W
Hardware solutions / Office equipment, IP-phones, print servers
MX-B355W
Hardware solutions / Office equipment, IP-phones, print servers
MX-B455WZ
Hardware solutions / Office equipment, IP-phones, print servers
MX-B355WZ
Hardware solutions / Office equipment, IP-phones, print servers
MX-B455WT
Hardware solutions / Office equipment, IP-phones, print servers
MX-B355WT
Hardware solutions / Office equipment, IP-phones, print servers

Vendor: Sharp Corporation

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

BP-70C65: All versions

BP-70C55: All versions

BP-70C45: All versions

BP-70C36: All versions

BP-70C31: All versions

BP-60C45: All versions

BP-60C36: All versions

BP-60C31: All versions

BP-50C65: All versions

BP-50C55: All versions

BP-50C45: All versions

BP-50C36: All versions

BP-50C31: All versions

BP-50C26: All versions

BP-55C26: All versions

MX-8081: All versions

MX-7081: All versions

MX-6071: All versions

MX-5071: All versions

MX-4071: All versions

MX-3571: All versions

MX-3071: All versions

MX-4061: All versions

MX-3561: All versions

MX-3061: All versions

MX-6051: All versions

MX-5051: All versions

MX-4051: All versions

MX-3551: All versions

MX-3051: All versions

MX-2651: All versions

MX-6071S: All versions

MX-5071S: All versions

MX-4071S: All versions

MX-3571S: All versions

MX-3071S: All versions

MX-4061S: All versions

MX-3561S: All versions

MX-3061S: All versions

BP-30C25: All versions

BP-30C25Y: All versions

BP-30C25Z: All versions

BP-30C25T: All versions

MX-7580N: All versions

MX-6580N: All versions

MX-8090N: All versions

MX-7090N: All versions

MX-6070N: All versions

MX-5070N: All versions

MX-4070N: All versions

MX-3570N: All versions

MX-3070N: All versions

MX-4060N: All versions

MX-3560N: All versions

MX-3060N: All versions

MX-6070V: All versions

MX-5070V: All versions

MX-4070V: All versions

MX-3570V: All versions

MX-3070V: All versions

MX-4060V: All versions

MX-3560V: All versions

MX-3060V: All versions

MX-6070N A: All versions

MX-4070N A: All versions

MX-3070N A: All versions

MX-6070V A: All versions

MX-4070V A: All versions

MX-3070V A: All versions

MX-6050N: All versions

MX-5050N: All versions

MX-4050N: All versions

MX-3550N: All versions

MX-3050N: All versions

MX-6050V: All versions

MX-5050V: All versions

MX-4050V: All versions

MX-3550V: All versions

MX-3050V: All versions

MX-2630N: All versions

MX-3050N A: All versions

MX-3050V A: All versions

MX-C304W: All versions

MX-C303W: All versions

MX-C304: All versions

MX-C303: All versions

MX-C304WH: All versions

MX-C303WH: All versions

BP-70M90: All versions

BP-70M75: All versions

BP-70M65: All versions

BP-70M55: All versions

BP-70M45: All versions

BP-70M36: All versions

BP-70M31: All versions

BP-50M55: All versions

BP-50M50: All versions

BP-50M45: All versions

BP-50M36: All versions

BP-50M31: All versions

BP-50M26: All versions

MX-M1206: All versions

MX-M1056: All versions

MX-M7570: All versions

MX-M6570: All versions

MX-M6071: All versions

MX-M5071: All versions

MX-M4071: All versions

MX-M3571: All versions

MX-M3071: All versions

MX-M6051: All versions

MX-M5051: All versions

MX-M4051: All versions

MX-M3551: All versions

MX-M3051: All versions

MX-M2651: All versions

MX-M3571S: All versions

MX-M3071S: All versions

MX-M6071S: All versions

MX-M5071S: All versions

MX-M4071S: All versions

BP-30M35: All versions

BP-30M31: All versions

BP-30M28: All versions

BP-30M35T: All versions

BP-30M31T: All versions

BP-30M28T: All versions

MX-B476W: All versions

MX-B376W: All versions

MX-B456W: All versions

MX-B356W: All versions

MX-B476WH: All versions

MX-B376WH: All versions

MX-B456WH: All versions

MX-B356WH: All versions

MX-M905: All versions

MX-M6070: All versions

MX-M5070: All versions

MX-M4070: All versions

MX-M3570: All versions

MX-M3070: All versions

MX-M6050: All versions

MX-M5050: All versions

MX-M4050: All versions

MX-M3550: All versions

MX-M3050: All versions

MX-M2630: All versions

MX-M6070 A: All versions

MX-M4070 A: All versions

MX-M3070 A: All versions

MX-M3050 A: All versions

MX-M2630 A: All versions

MX-B455W: All versions

MX-B355W: All versions

MX-B455WZ: All versions

MX-B355WZ: All versions

MX-B455WT: All versions

MX-B355WT: All versions


External links
http://global.sharp/products/copier/info/info_security_2022-11.html
http://jvn.jp/en/vu/JVNVU96195138/index.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability