About Plural Security Vulnerabilities in SHARP Multifunctional Products (MFP)
The following security vulnerabilities were identified and may impact some MFPs that are not properly protected from outside the network with a strong admin password and/or firewall. The following is a summary of the vulnerabilities, affected models, and countermeasures:
Vulnerability identification number | JVNVU#95063136 / See the following Detailed Information of the vulnerabilities for the CVE numbers |
---|---|
Affected models and firmware version | See the separate table below. |
Detailed information of the vulnerabilities |
|
Condition to enable attacks using this vulnerability | To enable attackers to successfully attack the MFP using these vulnerabilities, the following conditions shall be fulfilled:
|
Possible impacts | If the above conditions are fulfilled, attackers may be able to :
|
Mitigation measures | To mitigate the security risks, ensure to protect your MFPs and apply the following countermeasures:
|
Countermeasure | See [Affected models and the status of countermeasures] below. Sharp released updated firmware to mitigate these vulnerabilities for the models listed in Table 1. Regarding the models listed in Table 2, all firmware versions are affected, however, firmware support has ended. Please implement the above mitigation measures or consider discontinuing use of the product or migrating to a successor model. For details, consult your authorized Sharp service providers. |
Acknowledgment | |
Information | JVNVU#95063136: https://jvn.jp/en/vu/JVNVU95063136/index.html CVE:
|
■ Affected models and the status of countermeasures
Table 1: Countermeasure firmware is available for the following models:
Category | Model name | Firmware version affected (see note) * Check the 2nd to 4th digits of the firmware version |
---|---|---|
Digital Full-color Multifunctional System | BP-90C70/BP-90C80 |
“210” or earlier |
BP-70C65/BP-70C55/BP-70C45/ BP-70C36/BP-70C31/ BP-60C45/BP-60C36/BP-60C31/ BP-50C65/BP-50C55/BP-50C45/ BP-50C36/BP-50C31/BP-50C26/ BP-55C26 |
“320” or earlier | |
MX-8081/MX-7081 | “160” or earlier | |
MX-6071/MX-5071/MX-4071/ MX-3571/MX-3071/ MX-4061/MX-3561/MX-3061/ MX-6051/MX-5051/MX-4051/ MX-3551/MX-3051/MX-2651/ MX-6071S/MX-5071S/MX-4071S/ MX-3571S/MX-3071S MX-4061S/MX-3561S/MX-3061S |
“613” or earlier |
|
BP-30C25 BP-30C25Y BP-30C25Z BP-30C25T |
“130” or earlier | |
MX-7580N/MX-6580N | “503” or earlier | |
MX-8090N/MX-7090N | “405” or earlier | |
MX-6070N/MX-5070N/MX-4070N/ MX-3570N/MX-3070N/ MX-4060N/MX-3560N/MX-3060N/ MX-6070V/MX-5070V/MX-4070V/ MX-3570V/MX-3070V/ MX-4060V/MX-3560V/MX-3060V/ MX-6070N A/MX-4070N A/MX-3070N A MX-6070V A/MX-4070V A/MX-3070V A |
“802” or earlier | |
MX-6050N/MX-5050N/ MX-4050N/MX-3550N/MX-3050N/ MX-6050V/MX-5050V/ MX-4050V/MX-3550V/MX-3050V/ MX-2630N/ MX-3050N A/ MX-3050V A |
“802” or earlier | |
BP-C545WD/BP-C542WD/ BP-C535WD/BP-C533WD/ BP-C535WR/BP-C533WR |
“262” or earlier | |
MX-C304W/MX-C303W/ MX-C304/MX-C303/ MX-C304WH/MX-C303WH |
“520” or earlier | |
Digital Multifunctional System (Monochrome) | BP-70M90/BP-70M75 |
“310” or earlier |
BP-70M65/BP-70M55/BP-70M45/ BP-70M36/BP-70M31/ BP-50M55/BP-50M50/BP-50M45/ BP-50M36/BP-50M31/BP-50M26 |
“320” or earlier | |
MX-M1206/MX-M1056 | “200” or earlier (with Data Security Kit MX-FR66U: “210” or earlier) |
|
MX-M7570/MX-M6570 | “456” or earlier | |
MX-M6071/MX-M5071/MX-M4071/ MX-M3571/MX-M3071/ MX-M6051/MX-M5051/MX-M4051/ MX-M3551/MX-M3051/MX-M2651/ MX-M3571S/MX-M3071S/ MX-M6071S/MX-M5071S/MX-M4071S |
“413” or earlier | |
BP-30M35/BP-30M31/BP-30M28/ BP-30M35T/BP-30M31T/BP-30M28T |
“220” or earlier | |
MX-B476W/MX-B376W/ MX-B456W/MX-B356W/ MX-B476WH/MX-B376WH/ MX-B456WH/MX-B356WH |
“413” or earlier | |
MX-M905 | “612” or earlier | |
MX-M6070/MX-M5070/MX-M4070/ MX-M3570/MX-M3070/ MX-M6050/MX-M5050/MX-M4050/ MX-M3550/MX-M3050/ MX-M2630/ MX-M6070 A/MX-M4070 A/MX-M3070 A/ MX-M3050 A/ MX-M2630 A |
“503” or earlier | |
BP-B550WD/BP-B540WR/ BP-B547WD/BP-B537WR |
“260” or earlier | |
MX-B455W/MX-B355W/ MX-B455WZ/MX-B355WZ/ MX-B455WT/MX-B355WT |
“404” or earlier (with Data Security Kit MX-FR59U: “405” or earlier) |
NOTE: Follow the steps to check firmware version of your MFP.
Administrator login is required:
- ● Select [Settings] icon from the operation panel.
- If you are accessing the MFP from your PC within the network, you may access the MFP settings via Web browser by entering its IP address.
- ● Select [Status] tab.
- Select [Firmware version].
- ● The 16-digit alphanumeric string after “BUNDLE” (two 8-digit alphanumeric strings connected with an underscore) is the firmware
- version(e.g., 0510Z200_22040400).
Table 2: For the following models, possible impact Nos. 2 and 3 are not affected. Since the firmware support for these models has ended, please implement the above mitigation measures or consider discontinuing use of the product or migrating to a successor model:
Category | Model name |
---|---|
Digital Full-color Multifunctional System | MX-7500N/MX-6500N |
MX-7040N/MX-6240N |
|
MX-5141N/MX-5140N/MX-4141N/MX-4140N/ MX-5141N A/MX-4140N A |
|
MX-3640N/MX-3140N/MX-2640N/MX-3140N A/ MX-3640NR/MX-3140NR/MX-2640NR |
|
MX-3116N/MX-2616N/ MX-3115N/MX-2615N/MX-2615 A |
|
MX-5112N/MX-5111N/MX-5110N/MX-4112N/MX-4111N/MX-4110N | |
MX-3610N/MX-3110N/MX-2610N/MX-3110N A/MX-3610NR |
|
MX-C301W/MX-C301 |
|
MX-2314N/MX-2314NR |
|
MX-3111U/MX-2310U/MX-2310R |
|
MX-2010U/MX-1810U |
|
MX-C401/DX-C401/DX-C401 J/MX-C400/DX-C400/ MX-C381/DX-C381/MX-C380/MX-C381B MX-C312/MX-C311/DX-C311/DX-C311J/MX-C310/DX-C310/ MX-C400P/MX-C380P/ MX-C402SC/MX-C382SC/MX-C382SCB |
|
MX-5001N/MX-5000N/MX-4101N/MX-4100N |
|
MX-3100N/MX-3100G/MX-2600N/MX-2600G |
|
MX-3101N/MX-2601N/MX-2301N |
|
DX-2500N/DX-2000U | |
Digital Multifunctional System (Monochrome) | MX-M1205/MX-M1055 |
MX-M1204/MX-M1054/MX-M904 |
|
MX-M754N/MX-M654N/MX-M754N A/MX-M654N A |
|
MX-M565N/MX-M465N/MX-M365N/ MX-M465N A/MX-M365N A |
|
MX-M564N/MX-M464N/MX-M364N/MX-M564N A |
|
MX-M356N/MX-M316N/MX-M315N/MX-M356U/MX-M315U/ MX-M266N/MX-M265N/MX-M265U/ MX-M315NE/MX-M265NE/ MX-M356NV/MX-M316NV/MX-M315NV/MX-M356UV/MX-M315UV/ MX-M266NV/MX-M265NV/MX-M265UV/ MX-M315NE/MX-M265NE/MX-M315V/MX-M265V |
|
MX-M354N/MX-M314N/MX-M264N/ MX-M354U/MX-M314U/MX-M264U/ MX-M314NV/MX-M264NV/ MX-M354NR/MX-M314NR/MX-M264NR |
|
MX-B402/MX-B382/ MX-B402P/MX-B382P/ MX-B402SC/MX-B382SC |
|
MX-B401/MX-B381/ MX-B400P/MX-B380P |
|
MX-M753N/MX-M753U/MX-M623N/MX-M623U |
|
MX-M503N/MX-M453N/MX-M363N/MX-M283N/ MX-M503U/MX-M453U/MX-M363U |