JVNDB-2026-000002

Multiple vulnerabilities in multiple Sharp Display Solutions Projectors

Multiple projectors provided by Sharp Display Solutions contain multiple vulnerabilities listed below.

• Path traversal (CWE-22, CVE-2025-11540)
• Stack-based buffer overflow (CWE-121, CVE-2025-11541, CVE-2025-11542)
• Improper validation of integrity check value (CWE-354, CVE-2025-11543)
• Hidden functionality (CWE-912, CVE-2025-11544)
• Exposure of sensitive system information to an unauthorized control sphere (CWE-497, CVE-2025-11545)

Sebastian Pahl of the University of Luxembourg reported these vulnerabilities to the developer and coordinated. After the coordination was completed, the developer reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

A wide range of products are affected.
As for the details of affected product names and model numbers, refer to the information provided by the vendor in [Vendor Information].

(Multiple Venders)

• (Multiple Products)

• An attacker may obtain any files within the projector (CVE-2025-11540)
• An attacker may execute arbitrary commands and programs (CVE-2025-11541, CVE-2025-11542)
• An attacker may run an unauthorized firmware (CVE-2025-11543)
• An attacker may obtain network connection information (CVE-2025-11544)
• An attacker may execute arbitrary actions on the projector (CVE-2025-11545)

[Apply the Workaround]
The developer has provided workarounds for all affected products. Apply the workarounds according to the information provided by the developer.

[Update the firmware]
The developer has provided the updated firmware versions addressing these vulnerabilities for some of the affected products. Update the firmware to the latest version according to the information provided by the developer.

For more information, refer to the information provided by the developer.

Sharp Display Solutions, Ltd.

• Sharp Display Solutions, Ltd. : Multiple vulnerabilities in projectors
• Sharp Display Solutions, Ltd. : Vulnerabilities allowing unauthorized information retrieval in projectors
• Sharp Display Solutions, Ltd. : Vulnerabilities allowing unauthorized operations in projectors

1. Path Traversal(CWE-22) [IPA Evaluation]
2. No Mapping(CWE-Other) [IPA Evaluation]

1. CVE-2025-11540
2. CVE-2025-11541
3. CVE-2025-11542
4. CVE-2025-11543
5. CVE-2025-11544
6. CVE-2025-11545

1. JVN : JVN#45776251

• [2026/01/07]
    Web page was published