Published:2021/07/05  Last Updated:2021/07/05

JVN#21636825
A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass

Overview

SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. contain an authentication bypass vulnerability.

Products Affected

  • SCT-40CM01SR and AT-40CM01SR

Description

SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. are liquid crystal televisions. SCT-40CM01SR and AT-40CM01SR contain an authentication bypass vulnerability (CWE-287).

Impact

An attacker who can access the device may log in via telnet without authentication and execute an arbitrary command.

According to the developer, even if an arbitrary command is executed, programs regarding the functions of the products can not be altered or deleted.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
According to the developer, the update requires a repair support by the developer. For more information, contact the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
A-Stage Inc. Vulnerable 2021/07/05

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score: 5.4
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:N
Base Score: 4.8
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

Shinnosuke Tokusho reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2021-20776
JVN iPedia JVNDB-2021-000061