Local File Inclusion in Sharp NEC Display Solutions Public Displays



Published: 2024-02-06

Security Bulletin

This security bulletin contains one high-risk vulnerability.

1) Local File Inclusion

EUVDB-ID: #VU86167

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-7077

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

P403: All versions

P463: All versions

P553: All versions

P703: All versions

P801: All versions

X554UN: All versions

X464UN: All versions

X554UNS: All versions

X464UNV: All versions

X474HB: All versions

X464UNS: All versions

X554UNV: All versions

X555UNS: All versions

X555UNV: All versions

X754HB: All versions

X554HB: All versions

E705: All versions

E805: All versions

E905: All versions

UN551S: All versions

UN551VS: All versions

X551UHD: All versions

X651UHD: All versions

X841UHD: All versions

X981UHD: All versions

MD551C8: All versions

External links

http://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html
http://jvn.jp/en/vu/JVNVU97836276/index.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


