PT-2024-2323 · NEC · Sharp NEC Displays
Tunahan Tekeoğlu · Published 2024-02-05 · Updated 2025-12-08 · CVE-2023-7077
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8)
Description
The issue allows a remote attacker to execute arbitrary code by sending unintended parameters in an HTTP request. The cause is improper limitation of a pathname to a restricted directory (path traversal). It is estimated that nearly 300,000 users worldwide are potentially affected.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable HTTP endpoint until a patch is available. Avoid using unintended parameters in HTTP requests to minimize the risk of exploitation.
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Sharp NEC Displays