|
[Japanese]
|
JVNDB-2021-000081
|
Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
|
|
Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below.
* Command Injection (CWE-77) - CVE-2021-20698
* Buffer Overflow (CWE-120) - CVE-2021-20699
Howard McGreehan of Aon's Cyber Solutions reported these vulnerabilities to Sharp NEC Display Solutions, Ltd., and Sharp NEC Display Solutions, Ltd. reported them to JPCERT/CC to notify users of the solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 9.8 (Critical) [NVD Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 10.0 (High) [NVD Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2021-20698
|
CVSS V3 Severity:
Base Metrics
9.8 (Critical) [IPA Score]
-
Attack Vector: Network
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: None
-
Scope: Unchanged
-
Confidentiality Impact: High
-
Integrity Impact: High
-
Availability Impact: High
CVSS V2 Severity:Base Metrics
10.0 (High)
[IPA Score]
-
Access Vector: Network
-
Access Complexity: Low
-
Authentication: None
-
Confidentiality Impact: Complete
-
Integrity Impact: Complete
-
Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2021-20699
|
|
|
Sharp NEC Display Solutions, Ltd.
- C431 firmware version R2.000 and earlier
- C501 firmware version R2.000 and earlier
- C551 firmware version R2.000 and earlier
- C651Q firmware version R2.000 and earlier
- C751Q firmware version R2.000 and earlier
- C861Q firmware version R2.000 and earlier (*1)
- C981Q firmware version R2.000 and earlier (*1)
- P404 firmware version R3.201 and earlier
- P484 firmware version R3.201 and earlier
- P554 firmware version R3.201 and earlier
- P654Q firmware version R2.000 and earlier
- P754Q firmware version R2.000 and earlier
- UN462A firmware version R1.300 and earlier
- UN462VA firmware version R1.300 and earlier
- UN492S firmware version R1.300 and earlier
- UN492VS firmware version R1.300 and earlier
- UN552 firmware version R1.300 and earlier
- UN552A firmware version R1.300 and earlier
- UN552S firmware version R1.300 and earlier
- UN552V firmware version R1.300 and earlier
- UN552VS firmware version R1.300 and earlier
- UX552 firmware version R1.300 and earlier (*1)
- V404 firmware version R3.201 and earlier
- V404-T firmware version R3.201 and earlier
- V484 firmware version R3.201 and earlier
- V484-T firmware version R3.201 and earlier
- V554 firmware version R3.201 and earlier
- V554-T firmware version R3.201 and earlier
- V554Q firmware version R3.201 and earlier
- V654Q firmware version R2.000 and earlier
- V754Q firmware version R2.000 and earlier
- V864Q firmware version R2.000 and earlier
- V984Q firmware version R2.000 and earlier
|
(*1)UX552, C861Q, C981Q are the products sold outside Japan.
For more information, refer to the information provided by the developer.
|
|
Arbitrary code may be executed by an attacker who can access the affected display.
|
|
[Update the firmware]
Apply the appropriate firmware update according to the information provided by the developer.
|
|
Sharp NEC Display Solutions, Ltd.
|
|
- Buffer Errors(CWE-119) [IPA Evaluation]
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2021-20698
- CVE-2021-20699
|
|
- JVN : JVN#42866574
- National Vulnerability Database (NVD) : CVE-2021-20698
- National Vulnerability Database (NVD) : CVE-2021-20699
|
|
- [2021/09/17]
Web page was published
|
