CWE-1242
Inclusion of Undocumented Features or Chicken Bits
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
CVE-2017-20204 (GCVE-0-2017-20204)
Vulnerability from cvelistv5 – Published: 2025-10-15 01:20 – Updated: 2025-10-15 19:56
VLAI?
Title
DBLTek GoIP Telnet Admin Interface Undocumented Backdoor
Summary
DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response can be computed from the challenge itself, a remote attacker can authenticate without knowledge of a secret and obtain a root shell on the device. This can lead to persistent remote code execution, full device compromise, and arbitrary control of the device and any managed services. The firmware used within these devices was updated in December 2016 to make this vulnerability more complex to exploit. However, it is unknown if DBLTek has taken steps to fully mitigate.
Severity ?
CWE
- CWE-1242 - Inclusion of Undocumented Features or Chicken Bits
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DBL Technology (DBLTek) | GoIP |
Affected:
*
|
Credits
SpiderLabs/Trustwave/LevelBlue
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20204",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T19:53:59.880259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T19:56:35.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GoIP",
"vendor": "DBL Technology (DBLTek)",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SpiderLabs/Trustwave/LevelBlue"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge\u2013response scheme which is fundamentally flawed. Because the challenge response can be computed from the challenge itself, a remote attacker can authenticate without knowledge of a secret and obtain a root shell on the device. This can lead to persistent remote code execution, full device compromise, and arbitrary control of the device and any managed services. The firmware used within these devices was updated in December 2016 to make this vulnerability more complex to exploit. However, it is unknown if DBLTek has taken steps to fully mitigate."
}
],
"value": "DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge\u2013response scheme which is fundamentally flawed. Because the challenge response can be computed from the challenge itself, a remote attacker can authenticate without knowledge of a secret and obtain a root shell on the device. This can lead to persistent remote code execution, full device compromise, and arbitrary control of the device and any managed services. The firmware used within these devices was updated in December 2016 to make this vulnerability more complex to exploit. However, it is unknown if DBLTek has taken steps to fully mitigate."
}
],
"impacts": [
{
"capecId": "CAPEC-443",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-443 Malicious Logic Inserted Into Product by Authorized Developer"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "CWE-1242 Inclusion of Undocumented Features or Chicken Bits",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T01:20:42.502Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.dbltek.com/"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/undocumented-backdoor-account-in-dbltek-goip/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/JacobMisirian/DblTekGoIPPwn"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dbltek-goip-telnet-admin-interface-undocumented-backdoor"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DBLTek GoIP Telnet Admin Interface Undocumented Backdoor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20204",
"datePublished": "2025-10-15T01:20:42.502Z",
"dateReserved": "2025-10-14T15:02:13.120Z",
"dateUpdated": "2025-10-15T19:56:35.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4469 (GCVE-0-2021-4469)
Vulnerability from cvelistv5 – Published: 2025-11-14 22:53 – Updated: 2025-11-17 14:38 Unsupported When Assigned
VLAI?
Title
Denver SHO-110 IP Camera Unauthenticated Snapshot Access
Summary
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Ivan Nikolsky (enty8080)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4469",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T14:38:14.369155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T14:38:39.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:denver:i:sho-110:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "SHO-110",
"vendor": "Denver",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ivan Nikolsky (enty8080)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a \u0027/snapshot\u0027 endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the \u0027snapshot\u0027 endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment."
}
],
"value": "Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a \u0027/snapshot\u0027 endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the \u0027snapshot\u0027 endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment."
}
],
"impacts": [
{
"capecId": "CAPEC-36",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "CWE-1242 Inclusion of Undocumented Features or Chicken Bits",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-16T13:06:32.465Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50162"
},
{
"tags": [
"product"
],
"url": "http://old.denver.eu/products/smart-home-security/denver-sho-110/c-1024/c-1243/p-3826"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/denver-sho-110-ip-camera-unauthenticated-snapshot-access"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2021-07-29T16:00:00.000Z",
"value": "ExploitDB-50162 is publicly disclosed."
}
],
"title": "Denver SHO-110 IP Camera Unauthenticated Snapshot Access",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-4469",
"datePublished": "2025-11-14T22:53:04.754Z",
"dateReserved": "2025-11-14T20:33:38.739Z",
"dateUpdated": "2025-11-17T14:38:39.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-2103 (GCVE-0-2024-2103)
Vulnerability from cvelistv5 – Published: 2024-04-04 15:18 – Updated: 2024-08-01 19:03
VLAI?
Title
Inclusion of Undocumented Features
Summary
Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:
SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay
. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.
Severity ?
6.5 (Medium)
CWE
- CWE-1242 - Inclusion of Undocumented Features
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schweitzer Engineering Laboratories | SEL-700BT Motor Bus Transfer Relay |
Affected:
R301-V0 , < R301-V6
(custom)
Affected: R302-V0 , < R302-V1 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Date Public ?
2024-04-04 15:00
Credits
Anonymous Researcher
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T17:11:57.943227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:59.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:39.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEL-700BT Motor Bus Transfer Relay",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R301-V6",
"status": "affected",
"version": "R301-V0",
"versionType": "custom"
},
{
"lessThan": "R302-V1",
"status": "affected",
"version": "R302-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": " SEL-700G Generator Protection Relay",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R301-V6",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
},
{
"lessThan": "R302-V1",
"status": "affected",
"version": "R302-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SEL-710-5 Motor Protection Relay",
"vendor": "SEL-710-5 Motor Protection Relay",
"versions": [
{
"lessThan": "R302-V1",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SEL-751 Feeder Protection Relay",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R302-V3",
"status": "affected",
"version": "R101-V0",
"versionType": "custom"
},
{
"lessThan": "R400-V2",
"status": "affected",
"version": "R400-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SEL-787-2/-3/-4 Transformer Protection Relay",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R302-V1",
"status": "affected",
"version": "R100-V0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SEL-787Z High-Impedance Differential Relay",
"vendor": "Schweitzer Engineering Laboratories",
"versions": [
{
"lessThan": "R302-V3",
"status": "affected",
"version": "R302-V0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous Researcher"
}
],
"datePublic": "2024-04-04T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\u003cbr\u003eSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\u003cbr\u003e\u003cbr\u003e. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\u003cp\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "\nInclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably:\nSEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5 Motor Protection Relay, SEL-751 Feeder Protection Relay, SEL-787-2/-3/-4 Transformer Protection Relay, SEL-787Z High-Impedance Differential Relay\n\n. See product instruction manual appendix A dated 20240308 for more details regarding the SEL-751 Feeder Protection Relay. For more information for the other affected products, see their instruction manuals dated 20240329.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "CWE-1242: Inclusion of Undocumented Features",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T15:57:14.010Z",
"orgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"shortName": "SEL"
},
"references": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Inclusion of Undocumented Features",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5804bb70-792c-43e0-8596-486cc0efe699",
"assignerShortName": "SEL",
"cveId": "CVE-2024-2103",
"datePublished": "2024-04-04T15:18:01.645Z",
"dateReserved": "2024-03-01T16:25:22.105Z",
"dateUpdated": "2024-08-01T19:03:39.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52564 (GCVE-0-2024-52564)
Vulnerability from cvelistv5 – Published: 2024-12-05 09:41 – Updated: 2025-01-29 04:55
VLAI?
Summary
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.
Severity ?
7.5 (High)
CWE
- CWE-1242 - Inclusion of undocumented features or chicken bits
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| I-O DATA DEVICE, INC. | UD-LT1 |
Affected:
firmware Ver.2.1.8 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:iodata:ud-lt1_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ud-lt1_firmware",
"vendor": "iodata",
"versions": [
{
"lessThanOrEqual": "2.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:iodata:ud-lt1\\/ex_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ud-lt1\\/ex_firmware",
"vendor": "iodata",
"versions": [
{
"lessThanOrEqual": "2.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T04:55:28.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UD-LT1",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.2.1.8 and earlier"
}
]
},
{
"product": "UD-LT1/EX",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.2.1.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "Inclusion of undocumented features or chicken bits",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T09:41:39.909Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.iodata.jp/support/information/2024/11_ud-lt1/"
},
{
"url": "https://jvn.jp/en/jp/JVN46615026/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-52564",
"datePublished": "2024-12-05T09:41:39.909Z",
"dateReserved": "2024-11-14T01:18:51.324Z",
"dateUpdated": "2025-01-29T04:55:28.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54457 (GCVE-0-2024-54457)
Vulnerability from cvelistv5 – Published: 2024-12-18 06:37 – Updated: 2024-12-18 15:28
VLAI?
Summary
Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service.
Severity ?
7.2 (High)
CWE
- CWE-1242 - Inclusion of undocumented features or chicken bits
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T15:25:57.981597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T15:28:14.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AE1021",
"vendor": "FXC Inc.",
"versions": [
{
"status": "affected",
"version": "firmware versions 2.0.10 and earlier"
}
]
},
{
"product": "AE1021PE",
"vendor": "FXC Inc.",
"versions": [
{
"status": "affected",
"version": "firmware versions 2.0.10 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "Inclusion of undocumented features or chicken bits",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T06:37:11.912Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fxc.jp/news/20241213"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91084137/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-54457",
"datePublished": "2024-12-18T06:37:11.912Z",
"dateReserved": "2024-12-10T07:10:13.893Z",
"dateUpdated": "2024-12-18T15:28:14.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7011 (GCVE-0-2024-7011)
Vulnerability from cvelistv5 – Published: 2024-09-27 02:45 – Updated: 2025-12-08 15:51
VLAI?
Summary
Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL) allows an attacker to cause a denial-of-service (DoS) condition via SNMP service.
Severity ?
6.5 (Medium)
CWE
- CWE-1242 - Inclusion of Undocumented Features or Chicken Bits
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sharp Display Solutions, Ltd. | NP-CB4500UL |
Affected:
0 , < updated projector firmware
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Southern Metropolitan Cemeteries Trust JP Hofmeyr
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-7011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T14:20:39.329947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T20:07:10.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NP-CB4500UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4500WL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4700UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P525UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P525UL+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P525ULG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P525ULJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P525WL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P525WL+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P525WLG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P525WLJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CG6500UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CG6500WL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CG6700UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P605UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P605UL+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P605ULG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P605ULJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4120X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4160W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4160X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4200U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4200W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4202W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4260X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4300X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4355X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CD2100U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CD2120X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CD2300X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2100X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2170W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2170X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2200U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2200W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2280X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2310X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2350X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC302XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC332WG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC332WJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC342XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC372X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC372XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC382W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC382WG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC422XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME342UG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME372W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME372WG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME372WJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME382U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME382UG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME382UJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME402X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME402XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME402XJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4500XL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CG6400UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CG6400WL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CG6500XL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE455UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE455ULG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE455WL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE455WLG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE505XLG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4600U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CF6600U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P474U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P554U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P554U+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P554UG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P554UJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CG6600UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P547UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P547ULG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P547ULJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P607UL+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P627UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P627UL+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P627ULG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-P627ULJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV710UL-B",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV710UL-B1",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV710UL-W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV710UL-W+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV710UL-W1",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV730UL-BJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV730UL-WJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV800UL-B",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV800UL-B+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV800UL-B1",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV800UL-BJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV800UL-W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV800UL-W+",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV800UL-W1",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PV800UL-WJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4200X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4265X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4300U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4300W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4305X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CA4400X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CD2125X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CD2200W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CD2300U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CD2310X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2105X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2200X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2205W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2300U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2300W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2315X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CR2400X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC333XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC363XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC393WJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC423W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC423WG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC453X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC453X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC453XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-MC453XJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME383WG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME403U",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME403UG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME403UJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME423W",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME423WG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME423WJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME453X",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-ME453XG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4400USL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4400WSL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4510UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4510WL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4510XL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB4550USL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CB6700UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-CG6510UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE456USL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE456USLG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE456USLJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE456WSLG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE506UL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE506ULG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE506ULJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE506WL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE506WLG",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "NP-PE506WLJL",
"vendor": "Sharp Display Solutions, Ltd.",
"versions": [
{
"lessThan": "updated projector firmware",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Southern Metropolitan Cemeteries Trust JP Hofmeyr"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL) allows an attacker to cause a denial-of-service (DoS) condition via SNMP service.\u003c/p\u003e"
}
],
"value": "Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL) allows an attacker to cause a denial-of-service (DoS) condition via SNMP service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "CWE-1242: Inclusion of Undocumented Features or Chicken Bits",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T15:51:26.863Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://sharp-displays.jp.sharp/global/support/info/Projector_vulnerability_202408.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2024-7011",
"datePublished": "2024-09-27T02:45:05.979Z",
"dateReserved": "2024-07-23T04:53:07.799Z",
"dateUpdated": "2025-12-08T15:51:26.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12176 (GCVE-0-2025-12176)
Vulnerability from cvelistv5 – Published: 2025-10-24 15:56 – Updated: 2025-10-24 19:56
VLAI?
Title
Undocumented Administrative Accounts
Summary
Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity ?
CWE
- CWE-1242 - Inclusion of Undocumented Features or Chicken Bits
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Azure Access Technology | BLU-IC2 |
Affected:
0 , ≤ 1.19.5
(semver)
|
|||||||
|
|||||||||
Credits
Kevin Schaller
Benjamin Lafois
Alexi Bitsios
Sebastian Toscano
Dominik Schneider
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T16:41:48.448092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T19:56:09.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BLU-IC2",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BLU-IC4",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Schaller"
},
{
"lang": "en",
"type": "finder",
"value": "Benjamin Lafois"
},
{
"lang": "en",
"type": "finder",
"value": "Alexi Bitsios"
},
{
"lang": "en",
"type": "finder",
"value": "Sebastian Toscano"
},
{
"lang": "en",
"type": "finder",
"value": "Dominik Schneider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Undocumented administrative accounts were getting created to facilitate access for applications running on board.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
}
],
"value": "Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
}
],
"impacts": [
{
"capecId": "CAPEC-36",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "CWE-1242: Inclusion of Undocumented Features or Chicken Bits",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T15:56:07.959Z",
"orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"shortName": "azure-access"
},
"references": [
{
"url": "https://azure-access.com/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Undocumented Administrative Accounts",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"assignerShortName": "azure-access",
"cveId": "CVE-2025-12176",
"datePublished": "2025-10-24T15:56:07.959Z",
"dateReserved": "2025-10-24T15:51:46.644Z",
"dateUpdated": "2025-10-24T19:56:09.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22450 (GCVE-0-2025-22450)
Vulnerability from cvelistv5 – Published: 2025-01-22 05:49 – Updated: 2025-02-12 20:41
VLAI?
Summary
Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.
Severity ?
7.5 (High)
CWE
- CWE-1242 - Inclusion of undocumented features or chicken bits
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| I-O DATA DEVICE, INC. | UD-LT2 |
Affected:
firmware Ver.1.00.008_SE and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:33:09.160199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:22.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UD-LT2",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.1.00.008_SE and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "Inclusion of undocumented features or chicken bits",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T05:49:13.793Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.iodata.jp/support/information/2025/01_ud-lt2/"
},
{
"url": "https://jvn.jp/en/jp/JVN15293958/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-22450",
"datePublished": "2025-01-22T05:49:13.793Z",
"dateReserved": "2025-01-16T07:05:53.738Z",
"dateUpdated": "2025-02-12T20:41:22.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41754 (GCVE-0-2025-41754)
Vulnerability from cvelistv5 – Published: 2026-03-09 08:15 – Updated: 2026-03-09 20:14
VLAI?
Title
Arbitrary Read with ubr-editfile
Summary
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.
Severity ?
6.5 (Medium)
CWE
- CWE-1242 - Inclusion of Undocumented Features or Chicken Bits
Assigner
References
Impacted products
Credits
Adrien Rey from Cyber Defense Campus Zurich
Daniel Hulliger from Armasuisse
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:01:21.260674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:14:06.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UBR-01 Mk II",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBR-02",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBR-LON",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Adrien Rey from Cyber Defense Campus Zurich"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Hulliger from Armasuisse"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.\u003cbr\u003e"
}
],
"value": "A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "CWE-1242 Inclusion of Undocumented Features or Chicken Bits",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T08:15:49.619Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.mbs-solutions.de/mbs-2025-0001"
}
],
"source": {
"defect": [
"CERT@VDE#641895"
],
"discovery": "UNKNOWN"
},
"title": "Arbitrary Read with ubr-editfile",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41754",
"datePublished": "2026-03-09T08:15:49.619Z",
"dateReserved": "2025-04-16T11:18:45.759Z",
"dateUpdated": "2026-03-09T20:14:06.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41756 (GCVE-0-2025-41756)
Vulnerability from cvelistv5 – Published: 2026-03-09 08:16 – Updated: 2026-03-09 20:14
VLAI?
Title
Arbitrary Write with ubr-editfile
Summary
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
Severity ?
8.1 (High)
CWE
- CWE-1242 - Inclusion of Undocumented Features or Chicken Bits
Assigner
References
Impacted products
Credits
Adrien Rey from Cyber Defense Campus Zurich
Daniel Hulliger from Armasuisse
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:01:41.875068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:14:06.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UBR-01 Mk II",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBR-02",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UBR-LON",
"vendor": "MBS",
"versions": [
{
"lessThan": "6.0.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Adrien Rey from Cyber Defense Campus Zurich"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Hulliger from Armasuisse"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.\u003cbr\u003e"
}
],
"value": "A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1242",
"description": "CWE-1242 Inclusion of Undocumented Features or Chicken Bits",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T08:16:10.423Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.mbs-solutions.de/mbs-2025-0001"
}
],
"source": {
"defect": [
"CERT@VDE#641895"
],
"discovery": "UNKNOWN"
},
"title": "Arbitrary Write with ubr-editfile",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41756",
"datePublished": "2026-03-09T08:16:10.423Z",
"dateReserved": "2025-04-16T11:18:45.759Z",
"dateUpdated": "2026-03-09T20:14:06.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented.
CAPEC-212: Functionality Misuse
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.
CAPEC-36: Using Unpublished Interfaces or Functionality
An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.