jvndb - jvndb-2024-001882

jvndb-2024-001882

Vulnerability from jvndb

Published

2024-02-07 14:25

Modified

2024-07-11 14:27

Severity

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Sharp NEC Display Solutions' public displays vulnerable to local file inclusion

Details

Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain a local file inclusion vulnerability (CWE-22, CVE-2023-7077). Tunahan TEKEOĞLU of Senior Cyber Security Consultant reported this vulnerability to Sharp NEC Display Solutions, Ltd. and coordinated. Sharp NEC Display Solutions, Ltd. reported this case to JPCERT/CC to notify users of the solution through JVN.

References

Type	URL
JVN	https://jvn.jp/en/vu/JVNVU97836276/index.html
CVE	https://www.cve.org/CVERecord?id=CVE-2023-7077
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-7077
Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Sharp NEC Display Solutions, Ltd.	(Multiple Product)

Show details on JVN DB website

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001882.html",
  "dc:date": "2024-07-11T14:27+09:00",
  "dcterms:issued": "2024-02-07T14:25+09:00",
  "dcterms:modified": "2024-07-11T14:27+09:00",
  "description": "Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain a local file inclusion vulnerability (CWE-22, CVE-2023-7077).\r\n\r\nTunahan TEKEO\u0026#286;LU of Senior Cyber Security Consultant reported this vulnerability to Sharp NEC Display Solutions, Ltd. and coordinated. Sharp NEC Display Solutions, Ltd. reported this case to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001882.html",
  "sec:cpe": {
    "#text": "cpe:/a:sharp-nec-displays:multiple_product",
    "@product": "(Multiple Product)",
    "@vendor": "Sharp NEC Display Solutions, Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-001882",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU97836276/index.html",
      "@id": "JVNVU#97836276",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-7077",
      "@id": "CVE-2023-7077",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-7077",
      "@id": "CVE-2023-7077",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Sharp NEC Display Solutions\u0027 public displays vulnerable to local file inclusion"
}

cve-2023-7077

Vulnerability from cvelistv5

Published

2024-02-05 06:57

Modified

2024-08-02 08:50

Severity

Summary

Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.

References

URL	Tags
https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html

Impacted products

Vendor	Product
Sharp NEC Display Solutions, Ltd.	P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:50:08.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8",
          "vendor": "Sharp NEC Display Solutions, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Mr. Tunahan TEKEO\u011eLU of the Senior Cyber Security Consultant"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.\u003c/p\u003e"
            }
          ],
          "value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-05T06:57:45.928Z",
        "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "shortName": "NEC"
      },
      "references": [
        {
          "url": "https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
    "assignerShortName": "NEC",
    "cveId": "CVE-2023-7077",
    "datePublished": "2024-02-05T06:57:45.928Z",
    "dateReserved": "2023-12-22T09:20:27.202Z",
    "dateUpdated": "2024-08-02T08:50:08.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.