CVE-2025-11544
Integrity Check Bypass in Sharp Projectors Enables Unauthorized Firmware
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: NEC Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sharp | display_solutions_projectors | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Validation of Integrity Check Value in Sharp Display Solutions projectors. It allows an attacker to create and run unauthorized firmware on the affected devices. Additionally, attackers can execute hidden commands and improperly retrieve network connection information without authorization. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized execution of firmware and hidden commands on the projector, potentially compromising the device's functionality and security. Attackers may also access sensitive network connection information without permission, which could lead to further network attacks or data breaches. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, Sharp recommends applying a firmware update by contacting Sharp. Alternatively, use the affected projectors only within a secure intranet environment protected by a firewall and avoid any direct Internet connection to prevent unauthorized access. [1]