|
[Japanese]
|
JVNDB-2024-001882
|
Sharp NEC Display Solutions' public displays vulnerable to local file inclusion
|
|
Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain a local file inclusion vulnerability (CWE-22, CVE-2023-7077).
Tunahan TEKEOĞLU of Senior Cyber Security Consultant reported this vulnerability to Sharp NEC Display Solutions, Ltd. and coordinated. Sharp NEC Display Solutions, Ltd. reported this case to JPCERT/CC to notify users of the solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 9.8 (Critical) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Sharp NEC Display Solutions, Ltd.
|
A wide range of the products and versions are affected.
As for the details of the affected products and versions, refer to the information provided by the developer.
|
|
If an attacker sends a specially crafted request to the product's web application,
arbitrary code may be executed.
|
|
[Stop using the products and Switch to alternative products]
The developer states that the products are no longer supported, therefore recommends using alternative unaffected products.
[Apply a Workaround]
In the case that switching to alternative products is difficult, applying the following workaround may mitigate the impact of this vulnerability.
* Use the product only in a safe intranet protected by a firewall, etc. and do not connect the public displays to the Internet
For more information, refer to the information provided by the developer.
|
|
Sharp NEC Display Solutions, Ltd.
|
|
- Path Traversal(CWE-22) [Other]
|
|
- CVE-2023-7077
|
|
- JVN : JVNVU#97836276
|
|
- [2024/02/07]
Web page was published
|
