SB2024121607 - Multiple vulnerabilities in SHARP routers for SoftBank
Published: December 16, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Active Debug Code (CVE-ID: CVE-2024-46873)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the hidden debug function is enabled. A remote attacker can execute arbitrary commands on the system.
2) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2024-52321)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper authentication in the configuration backup function. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.
References
- https://jvn.jp/en/jp/JVN61635834/index.html"
- https://jvn.jp/en/jp/JVN61635834/index.html</a></p><p><a
- https://k-tai.sharp.co.jp/support/info/info083.html"
- https://k-tai.sharp.co.jp/support/info/info083.html</a></p><p>
- https://www.softbank.jp/mobile/info/personal/software/20241205-01/</p><p><br></p><p><br></p>