Refine your search

2 vulnerabilities found for Media Player MP-01 by Sharp Display Solutions, Ltd.

jvndb-2025-022878
Vulnerability from jvndb
Published
2025-12-24 11:10
Modified
2026-01-15 11:10
Severity ?
9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Media Player MP-01 vulnerable to Missing Authentication for Critical Function
Details
NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability.<ul><li>Missing Authentication for Critical Function (CWE-306) - CVE-2025-12049</li></ul>Souvik Kandar of MicroSec (microsec.io) discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC coordinated between the reporter and the developer.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022878.html",
  "dc:date": "2026-01-15T11:10+09:00",
  "dcterms:issued": "2025-12-24T11:10+09:00",
  "dcterms:modified": "2026-01-15T11:10+09:00",
  "description": "NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability.\u003cul\u003e\u003cli\u003eMissing Authentication for Critical Function (CWE-306) - CVE-2025-12049\u003c/li\u003e\u003c/ul\u003eSouvik Kandar of MicroSec (microsec.io) discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC coordinated between the reporter and the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022878.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:sharp-display-solutions_mp-01",
    "@product": "Media Player MP-01",
    "@vendor": "Sharp Display Solutions, Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-022878",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96231218/index.html",
      "@id": "JVNVU#96231218",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-12049",
      "@id": "CVE-2025-12049",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/306.html",
      "@id": "CWE-306",
      "@title": "Missing Authentication for Critical Function(CWE-306)"
    }
  ],
  "title": "Media Player MP-01 vulnerable to Missing Authentication for Critical Function"
}

CVE-2025-12049 (GCVE-0-2025-12049)
Vulnerability from cvelistv5
Published
2025-12-22 05:05
Modified
2025-12-22 17:07
Severity ?
9.2 (Critical) - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
  • CWE-306 - Missing Authentication for Critical Function
Summary
Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication.
References
Impacted products
Vendor Product Version
Sharp Display Solutions, Ltd. Media Player MP-01 Version: All versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12049",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-22T17:07:00.976136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-22T17:07:30.700Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Media Player MP-01",
          "vendor": "Sharp Display Solutions, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Souvik Kandar of MicroSec (microsec.io)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."
            }
          ],
          "value": "Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-22T05:05:25.588Z",
        "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "shortName": "NEC"
      },
      "references": [
        {
          "url": "https://sharp-displays.jp.sharp/global/support/info/MP01-CVE-2025-12049.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
    "assignerShortName": "NEC",
    "cveId": "CVE-2025-12049",
    "datePublished": "2025-12-22T05:05:25.588Z",
    "dateReserved": "2025-10-22T00:22:02.916Z",
    "dateUpdated": "2025-12-22T17:07:30.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}