.. / CVE-2024-33610

Exploit for Sharp Multifunction Printers - Cookie Exposure (CVE-2024-33610)

Description:

It was observed that Sharp printers are vulnerable to a listing of session cookies without authentication. Any attacker can list valid cookies by visiting a backdoor webpage and use them to authenticate to the printers.

Nuclei Template

View the template here CVE-2024-33610.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-33610.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-33610
https://global.sharp/products/copier/info/info_security_2024-05.html
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html#pre-auth-cookies
https://jvn.jp/en/vu/JVNVU93051062/index.html