Local File Inclusion in Sharp NEC Display Solutions Public Displays
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-7077 |
| CWE-ID | CWE-94 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
P403 Hardware solutions / Firmware P463 Hardware solutions / Firmware P553 Hardware solutions / Firmware P703 Hardware solutions / Firmware P801 Hardware solutions / Firmware X554UN Hardware solutions / Firmware X464UN Hardware solutions / Firmware X554UNS Hardware solutions / Firmware X464UNV Hardware solutions / Firmware X474HB Hardware solutions / Firmware X464UNS Hardware solutions / Firmware X554UNV Hardware solutions / Firmware X555UNS Hardware solutions / Firmware X555UNV Hardware solutions / Firmware X754HB Hardware solutions / Firmware X554HB Hardware solutions / Firmware E705 Hardware solutions / Firmware E805 Hardware solutions / Firmware E905 Hardware solutions / Firmware UN551S Hardware solutions / Firmware UN551VS Hardware solutions / Firmware X551UHD Hardware solutions / Firmware X651UHD Hardware solutions / Firmware X841UHD Hardware solutions / Firmware X981UHD Hardware solutions / Firmware MD551C8 Hardware solutions / Firmware |
| Vendor | Sharp NEC Display Solutions |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Local File Inclusion
EUVDB-ID: #VU86167
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-7077
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsP403: All versions
P463: All versions
P553: All versions
P703: All versions
P801: All versions
X554UN: All versions
X464UN: All versions
X554UNS: All versions
X464UNV: All versions
X474HB: All versions
X464UNS: All versions
X554UNV: All versions
X555UNS: All versions
X555UNV: All versions
X754HB: All versions
X554HB: All versions
E705: All versions
E805: All versions
E905: All versions
UN551S: All versions
UN551VS: All versions
X551UHD: All versions
X651UHD: All versions
X841UHD: All versions
X981UHD: All versions
MD551C8: All versions
CPE2.3- cpe:2.3:h:sharp_nec_display_solutions:p403:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:p463:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:p553:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:p703:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:p801:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x554un:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x464un:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x554uns:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x464unv:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x474hb:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x464uns:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x554unv:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x555uns:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x555unv:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x754hb:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x554hb:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:e705:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:e805:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:e905:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:un551s:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:un551vs:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x551uhd:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x651uhd:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x841uhd:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:x981uhd:*:*:*:*:*:*:*:*
- cpe:2.3:h:sharp_nec_display_solutions:md551c8:*:*:*:*:*:*:*:*
http://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html
http://jvn.jp/en/vu/JVNVU97836276/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
