Aon’s Cyber Solutions discovered multiple command injection and buffer overflow vulnerabilities affecting several Sharp NEC Display Solutions UN/UX series displays leading to unauthenticated remote code execution as the root user. For a complete listing of affected systems and remediation instructions, refer to the Vendor Advisory section below. The vulnerabilities were discovered by Aon’s Cyber Solutions team member Howard McGreehan.
Aon would like to thank Sharp NEC Display Solutions for working with us as part of our coordinated disclosure process.
Timeline:
03/15/21 – Initial disclosure to Sharp NEC Display Solutions
05/18/21 – Issues confirmed by Sharp NEC Display Solutions, firmware upgrade release dates set
05/27/21 – CVEs assigned by Sharp NEC Display Solutions
06/09/21 – Firmware updates released, Sharp NEC Display Solutions discloses vulnerabilities
07/06/22 – Aon advisory released
Vulnerability Listing / Credits:
- CVE-2021-20698: Howard McGreehan
- CVE-2021-20699: Howard McGreehan
Vendor Advisory:
https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html
Command Injection and Buffer Overflow in Multiple Sharp NEC Display Solutions UN/UX Series Displays
Overview
Multiple command injection and buffer overflow vulnerabilities were discovered in the “cgictrl” binary within the administrative web consoles of Sharp NEC Display Solutions UN/UX series displays. These vulnerabilities can be triggered by sending specially crafted HTTP requests to the vulnerable binary. Exploiting these vulnerabilities may allow unauthenticated remote attackers to execute arbitrary code on the system as the root user, completely compromising the device.
Remediation
Refer to the Vendor Advisory for a complete list of firmware versions in which this vulnerability has been fixed and further instructions on how to upgrade the affected systems.
Author: Howard McGreehan
July 6, 2022
©Aon plc 2022