Multiple security flaws reported in SHARP routers
Take action: If you are running a Sharp router, or a router from KDDI CORPORATION, NTT DOCOMO, or SoftBank, check the model against the advisory and contact your provider for an updated firmware version. Don't delay - especially for the critical flaw.
Multiple security vulnerabilities have been identified in SHARP routers and reported through JPCERT/CC.
- CVE-2024-46873 (CVSS score 9.8): A critical hidden debug function vulnerability requiring no authentication
- CVE-2024-45721 (CVSS score 7.2): OS command injection vulnerability in hostname configuration
- CVE-2024-54082 (CVSS score 7.2): OS command injection vulnerability in configuration restore
- CVE-2024-52321 (CVSS score 5.9): Improper authentication in backup functionality
- CVE-2024-47864 (CVSS score 5.3): Buffer overflow in debug function
Successful exploitation could allow attackers to execute arbitrary commands with root privileges, crash the web console interface, or access sensitive information stored in backup files. The most critical vulnerability, CVE-2024-46873, can be exploited remotely without any authentication.
The vulnerabilities affect multiple SHARP router models across several major service providers:
- NTT DOCOMO Home 5G HR02
- Wi-Fi Station models SH-52B, SH-54C, and SH-05L
- SoftBank's Pocket WiFi 809SH
- KDDI's Speed Wi-Fi NEXT W07
Each model has specific vulnerable firmware versions that require immediate updates.
All major vendors, including KDDI CORPORATION, NTT DOCOMO, INC., Sharp Corporation, and SoftBank Corp., have acknowledged these vulnerabilities and are actively working on remediation as of December 16, 2024. Users are strongly advised to update their router firmware to the latest versions available from their respective vendors.