CVE-2021-20699
- EPSS 0.53%
- Published 07.06.2021 14:15:07
- Last modified 08.12.2025 08:15:49
- Source psirt-info@cyber.jp.nec.com
Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allow an attacker to cause a buffer overflow and execute remote code by sending long parameters that contain specific characters in an HTTP request.
Data provided by the National Vulnerability Database (NVD)
Sharp-nec-displays ≫ Un462a Firmware Version <= r1.300
Sharp-nec-displays ≫ Un462va Firmware Version <= r1.300
Sharp-nec-displays ≫ Un492s Firmware Version <= r1.300
Sharp-nec-displays ≫ Un492vs Firmware Version <= r1.300
Sharp-nec-displays ≫ Un552a Firmware Version <= r1.300
Sharp-nec-displays ≫ Un552s Firmware Version <= r1.300
Sharp-nec-displays ≫ Un552vs Firmware Version <= r1.300
Sharp-nec-displays ≫ Un552 Firmware Version <= r1.300
Sharp-nec-displays ≫ Un552v Firmware Version <= r1.300
Sharp-nec-displays ≫ Ux552s Firmware Version <= r1.300
Sharp-nec-displays ≫ Ux552 Firmware Version <= r1.300
Sharp-nec-displays ≫ V864q Firmware Version <= r2.000
Sharp-nec-displays ≫ C861q Firmware Version <= r2.000
Sharp-nec-displays ≫ P754q Firmware Version <= r2.000
Sharp-nec-displays ≫ V754q Firmware Version <= r2.000
Sharp-nec-displays ≫ C751q Firmware Version <= r2.000
Sharp-nec-displays ≫ V984q Firmware Version <= r2.000
Sharp-nec-displays ≫ C981q Firmware Version <= r2.000
Sharp-nec-displays ≫ P654q Firmware Version <= r2.000
Sharp-nec-displays ≫ V654q Firmware Version <= r2.000
Sharp-nec-displays ≫ C651q Firmware Version <= r2.000
Sharp-nec-displays ≫ V554q Firmware Version <= r2.000
Sharp-nec-displays ≫ P404 Firmware Version <= r3.201
Sharp-nec-displays ≫ P484 Firmware Version <= r3.201
Sharp-nec-displays ≫ P554 Firmware Version <= r3.201
Sharp-nec-displays ≫ V404 Firmware Version <= r3.201
Sharp-nec-displays ≫ V484 Firmware Version <= r3.201
Sharp-nec-displays ≫ V554 Firmware Version <= r3.201
Sharp-nec-displays ≫ V404-t Firmware Version <= r3.201
Sharp-nec-displays ≫ V484-t Firmware Version <= r3.201
Sharp-nec-displays ≫ V554-t Firmware Version <= r3.201
Sharp-nec-displays ≫ C501 Firmware Version <= r2.000
Sharp-nec-displays ≫ C551 Firmware Version <= r2.000
Sharp-nec-displays ≫ C431 Firmware Version <= r2.000
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.662 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.