Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by benq
CVE-2021-37911 (GCVE-0-2021-37911)
Vulnerability from cvelistv5 – Published: 2021-08-30 14:35 – Updated: 2024-09-16 20:27
VLAI?
Summary
The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork.
Severity ?
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Date Public ?
2021-08-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"AOSP 6.0"
],
"product": "EH600 OTA",
"vendor": "BenQ",
"versions": [
{
"lessThanOrEqual": "v01.00.30.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "BenQ"
}
],
"datePublic": "2021-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The management interface of BenQ smart wireless conference projector does not properly control user\u0027s privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T14:35:11.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update EH600 OTA to v01.00.30.00 (AOSP 6.0)"
}
],
"source": {
"advisory": "TVN-202108008",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-08-30T14:21:00.000Z",
"ID": "CVE-2021-37911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EH600 OTA",
"version": {
"version_data": [
{
"platform": "AOSP 6.0",
"version_affected": "\u003c=",
"version_value": "v01.00.30.00"
}
]
}
}
]
},
"vendor_name": "BenQ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "BenQ"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management interface of BenQ smart wireless conference projector does not properly control user\u0027s privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update EH600 OTA to v01.00.30.00 (AOSP 6.0)"
}
],
"source": {
"advisory": "TVN-202108008",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-37911",
"datePublished": "2021-08-30T14:35:11.642Z",
"dateReserved": "2021-08-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:27:17.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}