CVE-2021-20699

CRITICAL | CVSS 9.8/10 | EPSS 1.66%

CVE-2021-20699 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allow an attacker to cause a buffer overflow and execute remote code by sending long parameters that contain specific characters in an HTTP request. EPSS estimates a 1.66% chance of exploitation in the next 30 days.

Description

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allow an attacker to cause a buffer overflow and execute remote code by sending long parameters that contain specific characters in an HTTP request.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.66%

73.7th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Sharp-Nec-Displays | Un462a Firmware | <= r1.300 |
| Sharp-Nec-Displays | Un462va Firmware | <= r1.300 |
| Sharp-Nec-Displays | Un492s Firmware | <= r1.300 |
| Sharp-Nec-Displays | Un492vs Firmware | <= r1.300 |
| Sharp-Nec-Displays | Un552a Firmware | <= r1.300 |
| Sharp-Nec-Displays | Un552s Firmware | <= r1.300 |
| Sharp-Nec-Displays | Un552vs Firmware | <= r1.300 |
| Sharp-Nec-Displays | Un552 Firmware | <= r1.300 |
| Sharp-Nec-Displays | Un552v Firmware | <= r1.300 |
| Sharp-Nec-Displays | Ux552s Firmware | <= r1.300 |
| Sharp-Nec-Displays | Ux552 Firmware | <= r1.300 |
| Sharp-Nec-Displays | V864q Firmware | <= r2.000 |
| Sharp-Nec-Displays | C861q Firmware | <= r2.000 |
| Sharp-Nec-Displays | P754q Firmware | <= r2.000 |
| Sharp-Nec-Displays | V754q Firmware | <= r2.000 |
| Sharp-Nec-Displays | C751q Firmware | <= r2.000 |
| Sharp-Nec-Displays | V984q Firmware | <= r2.000 |
| Sharp-Nec-Displays | C981q Firmware | <= r2.000 |
| Sharp-Nec-Displays | P654q Firmware | <= r2.000 |
| Sharp-Nec-Displays | V654q Firmware | <= r2.000 |
| Sharp-Nec-Displays | C651q Firmware | <= r2.000 |
| Sharp-Nec-Displays | V554q Firmware | <= r2.000 |
| Sharp-Nec-Displays | P404 Firmware | <= r3.201 |
| Sharp-Nec-Displays | P484 Firmware | <= r3.201 |
| Sharp-Nec-Displays | P554 Firmware | <= r3.201 |
| Sharp-Nec-Displays | V404 Firmware | <= r3.201 |
| Sharp-Nec-Displays | V484 Firmware | <= r3.201 |
| Sharp-Nec-Displays | V554 Firmware | <= r3.201 |
| Sharp-Nec-Displays | V404-T Firmware | <= r3.201 |
| Sharp-Nec-Displays | V484-T Firmware | <= r3.201 |
| Sharp-Nec-Displays | V554-T Firmware | <= r3.201 |
| Sharp-Nec-Displays | C501 Firmware | <= r2.000 |
| Sharp-Nec-Displays | C551 Firmware | <= r2.000 |
| Sharp-Nec-Displays | C431 Firmware | <= r2.000 |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2021-20699?
Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allow an attacker to cause a buffer overflow and execute remote code by sending long parameters that contain specific characters in an HTTP request.
How severe is CVE-2021-20699?
CVE-2021-20699 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.66% probability of exploitation in the next 30 days.
How do I fix CVE-2021-20699?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST