CVE-2025-12049
Missing Authentication in Sharp Media Player MP-01 Enables Unauthorized Access
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: NEC Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sharp | display_solutions_media_player | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a missing authentication flaw in the Sharp Display Solutions Media Player MP-01. It allows an attacker to access the web interface of the device without any authentication, enabling them to change settings, perform operations, and deliver arbitrary content from the authoring software without authorization. [1]
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute arbitrary commands or programs on the affected media player, change its settings, and deliver unauthorized content. This can lead to unauthorized control over the device and potentially disrupt operations or compromise the integrity of displayed content. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are advised to operate the Sharp Display Solutions Media Player MP-01 only within a secure intranet protected by a firewall and avoid connecting it to the Internet, thereby preventing unauthorized access. [1]