CVE Identifier: CVE-2021-20698, CVE-2021-20699

Description

The following Public Displays allows an attacker arbitrary command or program execution.

Products

Models

UN462A, UN462VA, UN492S, UN492VS, UN552A, UN552S, UN552VS, UN552, UN552V, UX552S, UX552

Firmware version

R1.300 and prior to it

Models

V864Q, C861Q, P754Q, V754Q, C751Q, V984Q, C981Q, P654Q, V654Q, C651Q, V554Q

Firmware version

R2.000 and prior to it

Models

P404, P484, P554, V404, V484, V554, V404-T, V484-T, V554-T

Firmware version

R3.201 and prior to it

Models

C501, C551, C431

Firmware version

R2.000 and prior to it

Workaround

Please refer the below URL to update the latest firmware.
https://www.sharp-nec-displays.com/dl/en/dp_soft/pd_fm_update/index.html

Alternative:
Apply following workaround to avoid the effects of this vulnerability.

• Use the product only in a safe intranet protected by a firewall and do not connect the product to the Internet.

The above workaround prevent illegal access to the product. Therefore, it does not require to update the firmware.
If it is difficult to take the above workaround due to a network configuration and etc., please update the firmware.

Reference

• CVE-2021-20698
• CVE-2021-20699

Acknowledgements

Thanks to Mr. Howard McGreehan of the Aon's Cyber Solutions for reporting this vulnerability.