Local File Inclusion in Sharp NEC Display Solutions Hardware solutions

#VU86167 Local File Inclusion in Sharp NEC Display Solutions Hardware solutions

Published: 2024-02-06

Vulnerability identifier: #VU86167

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-7077

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vendor: Sharp NEC Display Solutions

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

P403: All versions

P463: All versions

P553: All versions

P703: All versions

P801: All versions

X554UN: All versions

X464UN: All versions

X554UNS: All versions

X464UNV: All versions

X474HB: All versions

X464UNS: All versions

X554UNV: All versions

X555UNS: All versions

X555UNV: All versions

X754HB: All versions

X554HB: All versions

E705: All versions

E805: All versions

E905: All versions

UN551S: All versions

UN551VS: All versions

X551UHD: All versions

X651UHD: All versions

X841UHD: All versions

X981UHD: All versions

MD551C8: All versions

External links
http://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html
http://jvn.jp/en/vu/JVNVU97836276/index.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Local File Inclusion in Sharp NEC Display Solutions Public Displays