CVE-2024-33610
published 2024-11-26


Priority: P2 (75)
Severity: critical, CVSS 3.1 base score 9.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploit: public exploit available
EPSS: 45.14% (98.6th percentile)
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information, including session cookies, and "sys_trayentryreboot.html" allows the device to be rebooted. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Affected

2 ranges

Vendor                   Product        Version range   Fixed in
sharp_corporation        multiple_mfps
toshiba_tec_corporation  multiple_mfps

Detection & IOCs (extracted from sources)

path: /sessionlist.html
path: /sys_trayentryreboot.html
cookie: MFPSESSIONID
  • Unauthenticated GET request to /sessionlist.html returning HTTP 200 with session cookie listing fields indicates exploitation of CVE-2024-33610.
  • Shodan query 'Set-Cookie: MFPSESSIONID=' can be used to identify exposed Sharp MFP devices on the internet.
  • Response body containing all of: 'No.', 'User', 'From', 'Last login', 'Last access', 'Language ID', 'Cookie' on /sessionlist.html without authentication confirms active session cookie exposure.
  • Access to /sys_trayentryreboot.html without authentication allows unauthenticated device reboot — monitor for unauthenticated GET requests to this path.
  • The vulnerability affects multiple Sharp Multifunction Printer models; specific affected product names, model numbers, and versions must be obtained from vendor references.
  • Session cookies exposed via /sessionlist.html can be directly reused by an attacker to authenticate to the printer without credentials; harvested MFPSESSIONID values are immediately actionable for session hijacking.