#VU97749 Inclusion of Undocumented Features or Chicken Bits in Sharp NEC Display Solutions products - CVE-2024-7011

Vulnerability identifier: #VU97749

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-7011

CWE-ID: CWE-1242

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
NP-CB4500UL
NP-CB4500WL
NP-CB4700UL
NP-P525UL
NP-P525UL+
NP-P525ULG
NP-P525ULJL
NP-P525WL
NP-P525WL+
NP-P525WLG
NP-P525WLJL
NP-CG6500UL
NP-CG6500WL
NP-CG6700UL
NP-P605UL
NP-P605UL+
NP-P605ULG
NP-P605ULJL
NP-CA4120X
NP-CA4160W
NP-CA4160X
NP-CA4200U
NP-CA4200W
NP-CA4202W
NP-CA4260X
NP-CA4300X
NP-CA4355X
NP-CD2100U
NP-CD2120X
NP-CD2300X
NP-CR2100X
NP-CR2170W
NP-CR2170X
NP-CR2200U
NP-CR2200W
NP-CR2280X
NP-CR2310X
NP-CR2350X
NP-MC302XG
NP-MC332WG
NP-MC332WJL
NP-MC342XG
NP-MC372X
NP-MC372XG
NP-MC382W
NP-MC382WG
NP-MC422XG
NP-ME342UG
NP-ME372W
NP-ME372WG
NP-ME372WJL
NP-ME382U
NP-ME382UG
NP-ME382UJL
NP-ME402X
NP-ME402XG
NP-ME402XJL
NP-CB4500XL
NP-CG6400UL
NP-CG6400WL
NP-CG6500XL
NP-PE455UL
NP-PE455ULG
NP-PE455WL
NP-PE455WLG
NP-PE505XLG
NP-CB4600U
NP-CF6600U
NP-P474U
NP-P554U
NP-P554U+
NP-P554UG
NP-P554UJL
NP-CG6600UL
NP-P547UL
NP-P547ULG
NP-P547ULJL
NP-P607UL+
NP-P627UL
NP-P627UL+
NP-P627ULG
NP-P627ULJL
NP-PV710UL-B
NP-PV710UL-B1
NP-PV710UL-W
NP-PV710UL-W+
NP-PV710UL-W1
NP-PV730UL-BJL
NP-PV730UL-WJL
NP-PV800UL-B
NP-PV800UL-B+
NP-PV800UL-B1
NP-PV800UL-BJL
NP-PV800UL-W
NP-PV800UL-W+
NP-PV800UL-W1
NP-PV800UL-WJL
NP-CA4200X
NP-CA4265X
NP-CA4300U
NP-CA4300W
NP-CA4305X
NP-CA4400X
NP-CD2125X
NP-CD2200W
NP-CD2300U
NP-CD2310X
NP-CR2105X
NP-CR2200X
NP-CR2205W
NP-CR2300U
NP-CR2300W
NP-CR2315X
NP-CR2400X
NP-MC333XG
NP-MC363XG
NP-MC393WJL
NP-MC423W
NP-MC423WG
NP-MC453X
NP-MC453XG
NP-MC453XJL
NP-ME383WG
NP-ME403U
NP-ME403UG
NP-ME403UJL
NP-ME423W
NP-ME423WG
NP-ME423WJL
NP-ME453X
NP-ME453XG
NP-CB4400USL
NP-CB4400WSL
NP-CB4510UL
NP-CB4510WL
NP-CB4510XL
NP-CB4550USL
NP-CB6700UL
NP-CG6510UL
NP-PE456USL
NP-PE456USLG
NP-PE456USLJL
NP-PE456WSLG
NP-PE506UL
NP-PE506ULG
NP-PE506ULJL
NP-PE506WL
NP-PE506WLG
NP-PE506WLJL

Software vendor:
Sharp NEC Display Solutions

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected projectors are configured with SNMP service enabled by default. A remote attacker can gain unauthorized access to sensitive information on the system or perform a denial of service (DoS) attack..

Install updates from vendor's website.

• https://www.sharp-nec-displays.com/global/support/info/Projector_vulnerability_202408.html
• https://jvn.jp/en/vu/JVNVU91077448/index.html