Critical SHARP Routers Vulnerabilities Lets Attacker Trigger RCE to Gain Root Access

SHARP has issued an urgent security advisory regarding multiple vulnerabilities discovered in several of its router products. Customers using the affected devices are strongly urged to update their firmware immediately to secure their networks against potential attacks.

Below is a detailed overview of the vulnerabilities, the affected products, and the recommended actions.

SHARP has outlined the potential risks associated with the vulnerabilities, which include:

1. Arbitrary Code Execution: Attackers may execute commands with root privileges (CVE-2024-45721, CVE-2024-46873, CVE-2024-54082).
2. Sensitive Information Exposure: Improper access permissions might allow attackers to retrieve router configuration files (CVE-2024-52321).
3. Denial of Service: Exploitation of buffer overflow vulnerabilities could crash the router (CVE-2024-47864).

An attack requires the attacker to have access to the router through Wi-Fi, USB, or LAN, as well as possession of specific knowledge that is not typically available to the average user. In scenarios where these conditions are not met, the likelihood of network exploitation is considered low.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

Overview of Vulnerabilities

SHARP routers have been found to contain several security flaws that could potentially allow attackers to execute malicious activities, from gaining root privileges to causing denial-of-service (DoS) attacks.

The identified vulnerabilities are assigned the following CVEs with corresponding descriptions:

• CVE-2024-45721: OS command injection in the HOST name configuration screen, enabling attackers with root privileges to execute arbitrary commands.
• CVE-2024-46873: Exploitation of hidden debug functions, allowing unauthorized access and root privilege escalation.
• CVE-2024-47864: Buffer overflow issue in the hidden debug function, which could result in denial of service.
• CVE-2024-52321: Improper authentication in the configuration backup function, potentially exposing sensitive information.
• CVE-2024-54082: Command injection vulnerability during configuration restoration, leading to arbitrary command execution with high-level privileges.

Each flaw has been rated based on potential impact, ranging from medium to critical severity, with CVSS scores as high as 9.8.

Impacted Devices

The vulnerabilities impact various router models and software versions across multiple providers. For NTT Docomo, Inc., affected models include:

• Wi-Fi STATION SH-05L (versions 01.00.C0 and earlier),
• Wi-Fi STATION SH-52B (versions S3.87.11 and earlier), |
• Wi-Fi STATION SH-54C (versions S6.60.00 and earlier)
• home 5G HR02 (versions S5.82.00 and earlier).

SoftBank Corp.’s Pocket WiFi 809SH is affected in versions 01.00.B9 and earlier. For KDDI Corporation, the Speed Wi-Fi NEXT W07 is impacted in versions 02.00.48 and earlier.

SHARP has released updated firmware versions addressing all known vulnerabilities. Customers are advised to:

1. Update Firmware: Immediately download and install the latest software from SHARP’s official website or the respective provider (NTT Docomo, SoftBank, KDDI).
2. Enable Auto-Updates: Ensure the router is set to update automatically for future security patches.

If auto-update is already enabled, the devices may have been updated, but users are encouraged to verify

SHARP extends its gratitude to JPCERT/CC and the security researcher who identified and reported these vulnerabilities. Their efforts have helped mitigate potential risks to users’ network security.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free