CVSS: 10.0EPSS: 0%CPEs: 68EXPL: 0CVE-2021-20699
https://notcve.org/view.php?id=CVE-2021-20699
Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request. Sharp NEC Displays ((UN462A R1.300 y anteriores, UN462VA R1.300 y anteriores, UN492S R1.300 y anteriores, UN492VS versiones R1.300 y anteriores, UN552A versiones R1.300 y anteriores, UN552S versiones R1.300 y anteriores, UN552VS versiones R1.300 y anteriores, UN552 versiones R1.300 y anteriores, UN552V versiones R1.300 y anteriores, UN552V versiones R1. 300 y anteriores, UX552S versiones R1.300 y anteriores, UX552 versiones R1.300 y anteriores, V864Q versiones R2.000 y anteriores, C861Q versiones R2.000 y anteriores, P754Q versiones R2.000 y anteriores, V754Q versiones R2.000 y anteriores, C751Q versiones R2.000 y anteriores, V984Q versiones R2.000 y anteriores, C981Q versiones R2.000 y anteriores, P654Q versiones R2. 000 y anteriores, V654Q versiones R2.000 y anteriores, C651Q versiones R2.000 y anteriores, V554Q versiones R2.000 y anteriores, P404 versiones R3.200 y anteriores, P484 versiones R3.200 y anteriores, P554 versiones R3.200 y anteriores, V404 versiones R3.200 y anteriores, V484 versiones R3.200 y anteriores, V554 versiones R3.200 y anteriores, V404-T versiones R3. 200 y anteriores, V484-T versiones R3.200 y anteriores, V554-T versiones R3.200 y anteriores, C501 versiones R2.000 y anteriores, C551 versiones R2.000 y anteriores, C431 versiones R2.000 y anteriores) permite a un atacante un desbordamiento de búfer y ejecutar código remoto mediante el envío de parámetros largos que contienen caracteres específicos en la petición http • https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 68EXPL: 0CVE-2021-20698
https://notcve.org/view.php?id=CVE-2021-20698
Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request. Sharp NEC Displays (UN462A versiones R1.300 y anteriores, UN462VA versiones R1.300 y anteriores, UN492S versionesR1.300 y anteriores, UN492VS versiones R1.300 y anteriores, UN552A versiones R1.300 y anteriores, UN552S versiones R1.300 y anteriores, UN552VSversiones R1.300 y anteriores, UN552 versiones R1.300 y anteriores, UN552V versiones R1.300 y anteriores, UN552V versiones R1.300 y anteriores, UX552S versiones R1. 300 y anteriores, UX552 versiones R1.300 y anteriores, V864Q versiones R2.000 y anteriores, C861Q versiones R2.000 y anteriores, P754Q versiones R2.000 y anteriores, V754Q versiones R2.000 y anteriores, C751Q versiones R2.000 y anteriores, V984Q versiones R2.000 y anteriores, C981Q versiones R2.000 y anteriores, P654Q versiones R2.000 y anteriores, V654Q versiones R2. 000 y anteriores, C651Q versiones R2.000 y anteriores, V554Q versiones R2.000 y anteriores, P404 versiones R3.200 y anteriores, P484 versiones R3.200 y anteriores, P554 versiones R3.200 y anteriores, V404 versiones R3.200 y anteriores, V484 versiones R3.200 y anteriores, V554 versiones R3.200 y anteriores, V404-T versiones R3.200 y anteriores, V484-T versiones R3. 200 y anteriores, V554-T versiones R3.200 y anteriores, C501 versiones R2.000 y anteriores, C551 versiones R2.000 y anteriores, C431 versiones R2.000 y anteriores) permite a un atacante obtener privilegios de root y ejecutar código remoto mediante el envío de parámetros no deseados que contengan caracteres específicos en la solicitud http • https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20711
https://notcve.org/view.php?id=CVE-2021-20711
Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Un firmware Aterm WG2600HS versiones Ver1.5.1 y anteriores, permite a un atacante ejecutar comandos arbitrarios del Sistema Operativo por medio de vectores no especificados • https://jpn.nec.com/security-info/secinfo/nv21-010.html https://jvn.jp/en/jp/JVN29739718/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20712
https://notcve.org/view.php?id=CVE-2021-20712
Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function. Una vulnerabilidad de control de acceso inapropiado en NEC Aterm WG2600HS versiones de firmware Ver1.5.1 y anteriores, y Aterm WX3000HP versiones de firmware Ver1.1.2 y anteriores, permite acceder a un dispositivo conectado al lado LAN desde el lado WAN debido al defecto en la función firewall IPv6 • https://jpn.nec.com/security-info/secinfo/nv21-010.html https://jvn.jp/en/jp/JVN29739718/index.html •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20709
https://notcve.org/view.php?id=CVE-2021-20709
Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL. Una validación inapropiada de la vulnerabilidad del valor de comprobación de integridad en NEC Aterm WF1200CR firmware Ver1.3.2 y anterior, Aterm WG1200CR firmware Ver1.3.3 y anterior, y Aterm WG2600HS firmware Ver1.5.1 y anterior permite a un atacante con privilegios administrativos ejecutar comandos arbitrarios del Sistema Operativo mediante el envio de una petición especialmente diseñada a una URL específica • https://jpn.nec.com/security-info/secinfo/nv21-010.html https://jvn.jp/en/jp/JVN29739718/index.html • CWE-354: Improper Validation of Integrity Check Value •