CVE-2021-20699

Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un462a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un462a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un462va_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un462va:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un492s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un492s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un492vs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un492vs:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un552a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un552a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un552s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un552s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un552vs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un552vs:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un552_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un552:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:sharp-nec-displays:un552v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:un552v:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:sharp-nec-displays:ux552s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:ux552s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:sharp-nec-displays:ux552_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:ux552:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v864q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v864q:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:sharp-nec-displays:c861q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:c861q:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:sharp-nec-displays:p754q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:p754q:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v754q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v754q:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:sharp-nec-displays:c751q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:c751q:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v984q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v984q:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:sharp-nec-displays:c981q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:c981q:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:sharp-nec-displays:p654q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:p654q:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v654q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v654q:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:sharp-nec-displays:c651q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:c651q:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v554q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v554q:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:sharp-nec-displays:p404_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:p404:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:sharp-nec-displays:p484_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:p484:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:sharp-nec-displays:p554_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:p554:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v404_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v404:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v484_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v484:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v554_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v554:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v404-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v404-t:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v484-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v484-t:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:sharp-nec-displays:v554-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:v554-t:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:sharp-nec-displays:c501_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:c501:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:sharp-nec-displays:c551_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:c551:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:sharp-nec-displays:c431_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp-nec-displays:c431:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:29

Type	Values Removed	Values Added
References	~~(MISC) https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html - Vendor Advisory~~	() https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html -

Information

Published : 2021-06-07 14:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-20699

Mitre link : CVE-2021-20699

CVE.ORG link : CVE-2021-20699

JSON object : View

Products Affected

sharp-nec-displays

p484
v984q_firmware
p754q
v404_firmware
c751q
un492vs
c551_firmware
v554q_firmware
c861q_firmware
p404
c651q
un552s_firmware
un552vs
v864q
v554_firmware
un552vs_firmware
c431_firmware
v754q
un492vs_firmware
c751q_firmware
un492s_firmware
v984q
un552v
p484_firmware
un492s
c651q_firmware
un462a
un552s
p654q_firmware
v484_firmware
c431
v864q_firmware
p404_firmware
v404
v404-t
un552a
ux552s
v654q
v554q
c501_firmware
v554
v484-t
v754q_firmware
p554_firmware
un462va_firmware
ux552
un552
p554
c981q
p654q
un552a_firmware
c981q_firmware
p754q_firmware
c551
ux552_firmware
c861q
v654q_firmware
v404-t_firmware
v554-t
un462a_firmware
v484
c501
v484-t_firmware
un552_firmware
ux552s_firmware
v554-t_firmware
un462va
un552v_firmware

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

9.8 /10