CVE-2021-20698

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.

Published: 2021-06-07 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2021-20698 is rated Moderate Risk (61.4/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 0.44%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2021-20698

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-26 0.47% 0.44% -0.03%
2 2025-07-07 0.44% 0.47% +0.03%
3 2025-03-17 0.44%

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-20698

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.8 3.1 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 3.9 5.9 [email protected]
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2021-20698

Affected software / configurations for CVE-2021-20698

Vendor Product Version Raw CPE
sharp-nec-displays un462a_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un462a_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays un462va_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un462va_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays un492s_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un492s_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays un492vs_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un492vs_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays un552a_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un552a_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays un552s_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un552s_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays un552vs_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un552vs_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays un552_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un552_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays un552v_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:un552v_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays ux552s_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:ux552s_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays ux552_firmware <= r1.300 cpe:2.3:o:sharp-nec-displays:ux552_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v864q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:v864q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays c861q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:c861q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays p754q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:p754q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v754q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:v754q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays c751q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:c751q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v984q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:v984q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays c981q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:c981q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays p654q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:p654q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v654q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:v654q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays c651q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:c651q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v554q_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:v554q_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays p404_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:p404_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays p484_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:p484_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays p554_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:p554_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v404_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:v404_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v484_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:v484_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v554_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:v554_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v404-t_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:v404-t_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v484-t_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:v484-t_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays v554-t_firmware <= r3.201 cpe:2.3:o:sharp-nec-displays:v554-t_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays c501_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:c501_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays c551_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:c551_firmware:*:*:*:*:*:*:*:*
sharp-nec-displays c431_firmware <= r2.000 cpe:2.3:o:sharp-nec-displays:c431_firmware:*:*:*:*:*:*:*:*

References for CVE-2021-20698

cvelogic Threat Intelligence