7.2
CVE-2021-27942
- EPSS 0.45%
- Veröffentlicht 03.08.2021 18:15:08
- Zuletzt bearbeitet 21.11.2024 05:58:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginVizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vizio ≫ P65-f1 Firmware Version6.0.31.4-2
Vizio ≫ E50x-e1 Firmware Version10.0.31.4-2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.355 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
https://www.l9group.com/advisories/vizio-tv-code-execution-from-a-usb-drive