CVE-2024-46873 | THREATINT

Description

Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.

PUBLISHED Reserved 2024-12-02 | Published 2024-12-23 | Updated 2024-12-24 | Assigner jpcert

CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Active debug code

Product status

S5.82.00 and earlier

affected

S3.87.11 and earlier

affected

S6.60.00 and earlier

affected

01.00.C0 and earlier

affected

01.00.B9 and earlier

affected

02.00.48 and earlier

affected

References

k-tai.sharp.co.jp/support/info/info083.html

jvn.jp/en/jp/JVN61635834/

cve.org (CVE-2024-46873)

nvd.nist.gov (CVE-2024-46873)

Download JSON