Published: 2021/09/17 Last Updated: 2021/09/17
JVN#42866574
Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
Overview
Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities.
Products Affected
- UN462A, UN462VA, UN492S, UN492VS, UN552A, UN552S, UN552VS, UN552, UN552V, UX552(*1) firmware version R1.300 and earlier
- V864Q, C861Q(*1), P754Q, V754Q, C751Q, V984Q, C981Q(*1), P654Q, V654Q, C651Q, V554Q firmware version R2.000 and earlier
- P404, P484, P554, V404, V484, V554, V404-T, V484-T, V554-T firmware version R3.201 and earlier
- C501, C551, C431 firmware version R2.000 and earlier
For more information, refer to the information provided by the developer.
Description
Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below.
- Command Injection (CWE-77) - CVE-2021-20698
  CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C Base Score: 10.0
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
- Buffer Overflow (CWE-120) - CVE-2021-20699
  CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C Base Score: 10.0
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
Impact
Arbitrary code may be executed by an attacker who can access the affected display.
Solution
Update the firmware
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Status
Vendor | Link |
Sharp NEC Display Solutions, Ltd. | Vulnerabilities in public displays |
Sharp NEC Display Solutions, Ltd. | Public Display Firmware Update |
Credit
Howard McGreehan of Aon's Cyber Solutions reported these vulnerabilities to Sharp NEC Display Solutions, Ltd., and Sharp NEC Display Solutions, Ltd. reported them to JPCERT/CC to notify users of the solution through JVN.
Other Information
CVE | CVE-2021-20698, CVE-2021-20699 |
JVN iPedia | JVNDB-2021-000081 |