Command Injection and Buffer Overflow in Multiple Sharp NEC Displays

Stroz Friedberg's Cyber Solutions discovered multiple command injection and buffer overflow vulnerabilities affecting several Sharp NEC Display Solutions UN/UX series displays leading to unauthenticated remote code execution as the root user. For a complete listing of affected systems and remediation instructions, refer to the Vendor Advisory section below. The vulnerabilities were discovered by Stroz Friedberg’s Cyber Solutions team member Howard McGreehan.

Stroz Friedberg would like to thank Sharp NEC Display Solutions for working with us as part of our coordinated disclosure process.

Timeline:

• 03/15/21 – Initial disclosure to Sharp NEC Display Solutions
• 05/18/21 – Issues confirmed by Sharp NEC Display Solutions, firmware upgrade release dates set
• 05/27/21 – CVEs assigned by Sharp NEC Display Solutions
• 06/09/21 – Firmware updates released, Sharp NEC Display Solutions discloses vulnerabilities
• 07/06/22 – Stroz Friedberg advisory released
  
  

Vulnerability Listing / Credits:

• CVE-2021-20698 - Command Injection
• CVE-2021-20699 - Buffer Overflow
  
  

Vendor Advisory:

https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html 

Command Injection and Buffer Overflow in Multiple Sharp NEC Display Solutions UN/UX Series Displays

Overview

Multiple command injection and buffer overflow vulnerabilities were discovered in the “cgictrl” binary within the administrative web consoles of Sharp NEC Display Solutions UN/UX series displays. These vulnerabilities can be triggered by sending specially crafted HTTP requests to the vulnerable binary. Exploiting these vulnerabilities may allow unauthenticated remote attackers to execute arbitrary code on the system as the root user, completely compromising the device.

Remediation

Refer to the Vendor Advisory for a complete list of firmware versions in which this vulnerability has been fixed and further instructions on how to upgrade the affected systems.