gsd-2023-7077
Vulnerability from gsd
Modified
2023-12-23 06:01
Details
Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-7077"
],
"details": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.\n\n",
"id": "GSD-2023-7077",
"modified": "2023-12-23T06:01:21.054174Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt-info@cyber.jp.nec.com",
"ID": "CVE-2023-7077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Sharp NEC Display Solutions, Ltd."
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Mr. Tunahan TEKEO\u011eLU of the Senior Cyber Security Consultant"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-22",
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html",
"refsource": "MISC",
"url": "https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_e705_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C120DB1-F486-43FB-9324-5E4F14E67C94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_e705:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6360B5C-24A9-4D01-B799-58BF555662DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_e805_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE57C71-303F-476A-A459-0B6E97EA6E29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_e805:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86A76EBA-7A91-40A5-A4D3-578E3F71BDAC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_e905_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC2AE11-3B19-479C-880E-E4E1ACAB8B33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_e905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D9AC4E-607F-4FC5-A7A0-8BC8EB6BF4BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_md551c8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2872F9-E9CF-40FC-8720-713001BBA245",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_md551c8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22B3A8A2-7BC1-48C3-AAD4-A30033D39D6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_p403_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6569274-749A-464D-843D-AB23E5CF103D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_p403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCD0E69-06DF-4F40-AC3B-049C862FB7AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_p463_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31B7B7BC-6053-4366-AC1B-816023DE4FBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_p463:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8167A24-ACBF-4829-B545-E2F67350B953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_p553_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7EA4DE-9D91-4506-A3A1-401E370BC87D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_p553:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8508626-5879-478A-81A6-3F74293DF6D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_p703_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA0A922-4290-4C5C-B983-4F2AF07CD793",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_p703:-:*:*:*:*:*:*:*",
"matchCriteriaId": "691F39E9-AE1E-492D-B771-DF3C77E0591B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_p801_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC23A84-F5B9-4E63-9947-3902FC935006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_p801:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA28F7A6-26F4-40F1-BFC9-51ECED6081EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_un551s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "532E8B17-EBA4-4D1A-AF5C-432F11FFBC92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_un551s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "044D46DD-9007-42E0-A144-A37E5678BE23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_un551vs_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C360287C-0FCB-43D7-93A7-F4368CCB89F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_un551vs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF299059-BA47-4336-8274-B3D6EAC6C914",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x464un_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11520897-1D67-4E3F-9CDF-CB4A8E4FBF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x464un:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FDC0E10-266A-436C-9CA2-323FF7F02401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x464uns_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5024805-3830-49DB-9CE5-3CF97628E616",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x464uns:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFAF9DA1-3D52-4B99-B413-DEF67A061B83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x464unv_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "946BD29D-6E04-483D-920E-EDF2462FB029",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x464unv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DEE2858-B1DA-40AE-81D4-A549FE3AD829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x474hb_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E62E4C-B7A5-474A-92E8-CDAC61643E8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x474hb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D697B555-8419-4AE5-8222-29F10AFF743F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x551uhd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F36CC853-D2E6-4CE2-960D-F43159CB5BA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x551uhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83C1CB05-6C17-492E-B963-54ADDBC802E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x554hb_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA58CEB-C0BA-42A0-A6E3-325BEC876E82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x554hb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D487BF3D-94AA-4D9D-AB20-F026D889D12A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x554un_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "208F0248-2638-484C-B2AD-02C635083D09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x554un:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89B210A7-91F0-47A7-BA2E-EEC67EEC9AF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x554uns_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8723D2-7FD5-4631-A9DC-01C43A7746F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x554uns:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CD8355-4B38-4DD4-A02D-CBB0FC86751B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x554unv_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF42956F-1910-4897-A98F-1FD72BA99C61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x554unv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D65923F-A62B-4CCF-9ED2-BDF3C2062CDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x555uns_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A75783E-0F9D-4637-988F-18BC7F5E7AA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x555uns:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0F8AD9-94B5-4905-A90A-CB05CBD5578B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x555unv_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "757DDD56-ABAD-4D82-BF4F-3D6524CAC262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x555unv:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15EFCA4E-D639-4BD6-AE46-6E2D452EB2BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x651uhd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30112680-A382-4518-8158-1F4193BAB2BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x651uhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B22300-FFB3-4BAC-A73A-D959A64A0277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x754hb_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC54BA7-DF14-4B30-8D96-D62CDC85DD7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x754hb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481F5FFA-BA7E-4604-B523-51F0D8CAA40E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x841uhd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "774044DF-DCB5-4785-9B5D-E6D48042FB80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x841uhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4522E14C-57AD-4A1F-B1DD-14D66ECEA379",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:nec_x981uhd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7CA050-2E5B-4458-9149-E41DA7757DE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:nec_x981uhd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B932677E-D6D2-4238-90EA-1BA752693A06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.\n\n"
},
{
"lang": "es",
"value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551 S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) permite a un atacante ejecutar c\u00f3digo remoto enviando par\u00e1metros no deseados en una solicitud http."
}
],
"id": "CVE-2023-7077",
"lastModified": "2024-02-14T19:14:00.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-05T07:15:09.690",
"references": [
{
"source": "psirt-info@cyber.jp.nec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html"
}
],
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary"
}
]
}
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.