CVE-2021-37911
HIGH
BenQ EH600 Firmware < 01.00.30.00 - Unauthenticated Arbitrary Command Execution via Management Interface
Title source: llm
Description
The management interface of the BenQ smart wireless conference projector does not properly control user privileges. An attacker who enters the local subnetwork can access any system directory of this device through the interface and execute arbitrary commands.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html
Scores
CVSS v3
8.8
EPSS
0.0058
EPSS Percentile
43.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
benq/eh600_firmware
< 01.00.30.00
Published
Aug 30, 2021
Tracked Since
Feb 18, 2026