JVNDB-2025-022878

Media Player MP-01 vulnerable to Missing Authentication for Critical Function

Overview

Media Player MP-01 provided by Sharp Display Solutions, Ltd. contains the following vulnerability.
  • Missing Authentication for Critical Function (CWE-306) - CVE-2025-12049
Souvik Kandar of MicroSec (microsec.io) discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC coordinated between the reporter and the developer.
CVSS Severity

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


Sharp NEC Display Solutions, Ltd.
  • Media Player MP-01 all versions

Impact

  • An attacker may access the web interface of the affected product without authentication and change settings or perform other operations
  • An attacker may deliver content from the authoring software to the affected product without authentication
Solution

[Apply the Workaround]
The affected products are no longer supported.
The developer recommends that users who continue to use the product apply the workaround. Refer to the information provided by the developer for details.
Vendor Information

Sharp NEC Display Solutions, Ltd.
CWE

  1. Missing Authentication for Critical Function (CWE-306) [Other]
CVE

  1. CVE-2025-12049
References

  1. JVN : JVNVU#96231218
Revision History

  • [2025/12/24]
      Web page was published