Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU56693
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20698
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsUN462A: R1.300
UN462VA: R1.300
UN492S: R1.300
UN492VS: R1.300
UN552A: R1.300
UN552S: R1.300
UN552VS: R1.300
UN552: R1.300
UN552V: R1.300
UX552S: R1.300
UX552: R1.300
V864Q: R2.000
C861Q: R2.000
P754Q: R2.000
V754Q: R2.000
C751Q: R2.000
V984Q: R2.000
C981Q: R2.000
P654Q: R2.000
V654Q: R2.000
C651Q: R2.000
V554Q: R2.000
P404: R3.201
P484: R3.201
P554: R3.201
V404: R3.201
V484: R3.201
V554: R3.201
V404-T: R3.201
V484-T: R3.201
V554-T: R3.201
C501: R2.000
C551: R2.000
C431: R2.000
External linkshttp://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html
http://jvn.jp/en/jp/JVN42866574/index.html
http://www.sharp-nec-displays.com/dl/en/dp_soft/pd_fm_update/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56694
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20699
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsUN462A: R1.300
UN462VA: R1.300
UN492S: R1.300
UN492VS: R1.300
UN552A: R1.300
UN552S: R1.300
UN552VS: R1.300
UN552: R1.300
UN552V: R1.300
UX552S: R1.300
UX552: R1.300
V864Q: R2.000
C861Q: R2.000
P754Q: R2.000
V754Q: R2.000
C751Q: R2.000
V984Q: R2.000
C981Q: R2.000
P654Q: R2.000
V654Q: R2.000
C651Q: R2.000
V554Q: R2.000
P404: R3.201
P484: R3.201
P554: R3.201
V404: R3.201
V484: R3.201
V554: R3.201
V404-T: R3.201
V484-T: R3.201
V554-T: R3.201
C501: R2.000
C551: R2.000
C431: R2.000
External linkshttp://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html
http://jvn.jp/en/jp/JVN42866574/index.html
http://www.sharp-nec-displays.com/dl/en/dp_soft/pd_fm_update/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.