JVNVU#96231218: Media Player MP-01 vulnerable to Missing Authentication for Critical Function

Overview

Media Player MP-01 provided by Sharp Display Solutions, Ltd. contains a Missing Authentication for Critical Function vulnerability (CWE-306).

Products Affected

Media Player MP-01 all versions

Description

Media Player MP-01 provided by Sharp Display Solutions, Ltd. contains the following vulnerability.

Missing Authentication for Critical Function (CWE-306)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
- CVE-2025-12049

Impact

An attacker may access to the web interface of the affected product without authentication and change settings or perform other operations
An attacker may deliver content from the authoring software to the affected product without authentication

Solution

Apply the Workaround
The affected products are no longer supported.
The developer recommends a user to apply the workaround if the user continues to use the product. Refer to the information provided by the developer for details.

Vendor Status

Vendor	Link
Sharp Display Solutions, Ltd.	Vulnerability of missing authentication in media player

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Souvik Kandar of MicroSec (microsec.io) discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC coordinated between the reporter and the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#96231218 Media Player MP-01 vulnerable to Missing Authentication for Critical Function