This is the top of the page.
Displaying present location in the site.
  1. Home
  2. support
  3. Vulnerabilities in public displays
Main content starts here.

Vulnerabilities in public displays

CVE Identifier: CVE-2021-20698, CVE-2021-20699

Description

The following Public Displays allows an attacker arbitrary command or program execution.

Products

Models

UN462A, UN462VA, UN492S, UN492VS, UN552A, UN552S, UN552VS, UN552, UN552V, UX552S, UX552

Firmware version

R1.300 and prior to it

Models

V864Q, C861Q, P754Q, V754Q, C751Q, V984Q, C981Q, P654Q, V654Q, C651Q, V554Q

Firmware version

R2.000 and prior to it

Models

P404, P484, P554, V404, V484, V554, V404-T, V484-T, V554-T

Firmware version

R3.201 and prior to it

Models

C501, C551, C431

Firmware version

R2.000 and prior to it

Workaround

Please refer the below URL to update the latest firmware.
https://www.sharp-nec-displays.com/dl/en/dp_soft/pd_fm_update/index.html

Alternative:
Apply following workaround to avoid the effects of this vulnerability.

  • Use the product only in a safe intranet protected by a firewall and do not connect the product to the Internet.

The above workaround prevent illegal access to the product. Therefore, it does not require to update the firmware.
If it is difficult to take the above workaround due to a network configuration and etc., please update the firmware.

Reference

Acknowledgements

Thanks to Mr. Howard McGreehan of the Aon's Cyber Solutions for reporting this vulnerability.

Top of this page