#VU56693 Command Injection in Sharp NEC Display Solutions products - CVE-2021-20698
Published: September 20, 2021
Vulnerability identifier: #VU56693
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-20698
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
UN462A
UN462VA
UN492S
UN492VS
UN552A
UN552S
UN552VS
UN552
UN552V
UX552S
UX552
V864Q
C861Q
P754Q
V754Q
C751Q
V984Q
C981Q
P654Q
V654Q
C651Q
V554Q
P404
P484
P554
V404
V484
V554
V404-T
V484-T
V554-T
C501
C551
C431
UN462A
UN462VA
UN492S
UN492VS
UN552A
UN552S
UN552VS
UN552
UN552V
UX552S
UX552
V864Q
C861Q
P754Q
V754Q
C751Q
V984Q
C981Q
P654Q
V654Q
C651Q
V554Q
P404
P484
P554
V404
V484
V554
V404-T
V484-T
V554-T
C501
C551
C431
Software vendor:
Sharp NEC Display Solutions
Sharp NEC Display Solutions
Description
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.