sharp-nec-display un462a_firmware 在命令中使用的特殊元素转义处理不恰当（命令注入）

admin

0
文章

0
评论

2023-12-01 14:19:49 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

sharp-nec-display un462a_firmware 在命令中使用的特殊元素转义处理不恰当（命令注入）

CVE编号

CVE-2021-20698

利用情况

暂无

补丁情况

N/A

披露时间

2021-06-07

漏洞描述

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	sharp-nec-display	c651q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	c751q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	c861q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	c981q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	p654q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	p754q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	un462a_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	un462va_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	un492s_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	un492vs_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	un552a_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	un552s_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	un552vs_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	un552v_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	un552_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	ux552s_firmware	*		Up to (including) r1.300
	运行在以下环境
	系统	sharp-nec-display	v554q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	v654q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	v754q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	v864q_firmware	*		Up to (including) r2.000
	运行在以下环境
	系统	sharp-nec-display	v964q_firmware	*		Up to (including) r2.000
	运行在以下环境
	硬件	sharp-nec-display	c651q	-	-
	运行在以下环境
	硬件	sharp-nec-display	c751q	-	-
	运行在以下环境
	硬件	sharp-nec-display	c861q	-	-
	运行在以下环境
	硬件	sharp-nec-display	c981q	-	-
	运行在以下环境
	硬件	sharp-nec-display	p654q	-	-
	运行在以下环境
	硬件	sharp-nec-display	p754q	-	-
	运行在以下环境
	硬件	sharp-nec-display	un462a	-	-
	运行在以下环境
	硬件	sharp-nec-display	un462va	-	-
	运行在以下环境
	硬件	sharp-nec-display	un492s	-	-
	运行在以下环境
	硬件	sharp-nec-display	un492vs	-	-
	运行在以下环境
硬件	sharp-nec-display	un552	-	-
运行在以下环境
硬件	sharp-nec-display	un552a	-	-
运行在以下环境
硬件	sharp-nec-display	un552s	-	-
运行在以下环境
硬件	sharp-nec-display	un552v	-	-
运行在以下环境
硬件	sharp-nec-display	un552vs	-	-
运行在以下环境
硬件	sharp-nec-display	ux552s	-	-
运行在以下环境
硬件	sharp-nec-display	v554q	-	-
运行在以下环境
硬件	sharp-nec-display	v654q	-	-
运行在以下环境
硬件	sharp-nec-display	v754q	-	-
运行在以下环境
硬件	sharp-nec-display	v864q	-	-
运行在以下环境
硬件	sharp-nec-display	v964q	-	-