CVE-2021-37911

Severity: 8.8 HIGH (CVSS v3 base score)

📋 TL;DR

This vulnerability allows an attacker on the same local network to bypass the privilege checks of the management interface on BenQ smart wireless conference projectors. Once past that check, the attacker can read any directory on the device's file system and execute arbitrary commands, which amounts to full control of the device. Any organization that puts these projectors on an internal network is affected.

💻 Affected Systems

Products:
  • BenQ smart wireless conference projectors
Versions: Specific versions not specified in provided references
Operating Systems: Embedded/projector firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with management interface enabled on local network

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the projector, including a persistent backdoor, credential theft, and lateral movement to other devices on the network.

🟠 Likely Case: Unauthorized access to presentation material, tampering with the device configuration, and use of the projector as a pivot point for attacks on the rest of the network.

🟢 If Mitigated: Impact is confined to an isolated network segment from which no critical systems are reachable.

🌐 Internet-Facing: LOW (the attack requires access to the projector's local network; the device should not be reachable from the Internet in any case)
🏢 Internal Only: HIGH (any host on the same subnet can exploit it without credentials)

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: Unknown (no public exploit code is referenced)
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to the same local network as the projector, but no credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in the provided references; obtain the fixed firmware from BenQ.

Vendor Advisory: https://www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html

Restart Required: Yes

Instructions:

1. Contact BenQ support to confirm the fixed firmware version for your model.
2. Download the latest firmware from the vendor portal.
3. Apply the update via the management interface.
4. Verify that the update completed and restart the device.

🔧 Temporary Workarounds

Network segmentation (applies to: all versions)
  • Isolate projectors on a separate VLAN with no access to critical systems.

Management interface restriction (applies to: all versions)
  • Disable the management interface, or restrict it to specific administrative IP addresses.

🧯 If You Can't Patch

  • Physically disconnect the projector from the network when it is not in use.
  • Implement strict firewall rules that block all traffic to the projector except from administrative hosts, and all outbound traffic from it except what the vendor requires.

🔍 How to Verify

Check if Vulnerable:

From a host on the projector's subnet that is not an authorized admin station, check whether the management interface answers requests without authentication. If it does, confirm on a non-production unit whether privileged functions (directory access, and by extension command execution) are reachable the same way; do not run command-execution tests against devices in use.

Check Version:

Read the firmware version from the device's web interface or serial console and compare it with the fixed version BenQ identifies for your model.

Verify Fix Applied:

Confirm the firmware version matches the release BenQ identifies as fixed, then repeat the unauthenticated access check from a non-admin host and confirm that directory access is no longer possible without authorization.
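A small probe for the first check above, added here as an example; it is not code from the page, from BenQ, or from the advisory. It fetches the management interface without credentials and classifies the answer, surfacing redirects instead of following them so that a bounce to a login page is visible. The URL, the login-page markers and the timeout are assumptions. A verdict of open means the interface answers unauthenticated requests, which is the precondition the advisory describes, not proof that the privilege bypass itself is present.

```python
import urllib.error
import urllib.request

PROJECTOR_URL = "http://10.20.30.40/"   # assumption: address of the management interface

# Generic markers for "this 200 page is really a login form". Not BenQ-specific.
LOGIN_MARKERS = ('type="password"', 'name="password"')


def classify_response(status, headers, body):
    """Classify one HTTP response as auth_required / login_form / open / unknown.

    headers: any mapping with .get() (a dict or an http.client.HTTPMessage).
    body: decoded response text; may be empty for error responses.
    """
    if status in (401, 403, 407):
        return "auth_required"
    if 300 <= status < 400:
        location = (headers.get("Location") or "").lower()
        return "auth_required" if "login" in location else "unknown"
    if status == 200:
        lowered = body.lower()
        if any(marker in lowered for marker in LOGIN_MARKERS):
            return "login_form"
        return "open"
    return "unknown"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url=PROJECTOR_URL, timeout=5):
    """GET url with no credentials and classify the answer.

    Returns 'unreachable' on connection errors or timeouts.
    """
    opener = urllib.request.build_opener(_NoRedirect())
    req = urllib.request.Request(url, headers={"User-Agent": "mgmt-interface-precheck"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return classify_response(resp.status, resp.headers, body)
    except urllib.error.HTTPError as err:
        # Unfollowed 3xx and all 4xx/5xx responses land here.
        body = err.read(65536).decode("utf-8", errors="replace")
        return classify_response(err.code, err.headers, body)
    except OSError:
        return "unreachable"


if __name__ == "__main__":
    verdict = probe()
    print(f"{PROJECTOR_URL}: {verdict}")
    if verdict == "open":
        print("Management interface answers without authentication; treat the device as exposed.")
```

Run it from a host that is not on the administrative allowlist. Once the workarounds are in place, the expected result from such a host is unreachable (blocked by the firewall) or auth_required / login_form (interface still reachable but gated).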

📡 Detection & Monitoring

Log Indicators:

  • Requests to the management interface from hosts that are not administrative stations
  • Privileged management functions invoked with no preceding successful login (the flaw bypasses the privilege check, so a burst of failed logins is not required and may never appear)
  • Commands executed via the web interface

Network Indicators:

  • Unusual outbound connections from the projector
  • Traffic from the projector IP to unexpected ports or hosts (possible lateral movement)

SIEM Query (pseudo-syntax; substitute your projector IP, admin hosts and expected ports, and replace the path patterns with the management paths observed on your firmware, since they are generic placeholders):

dest_ip="<projector_ip>" AND NOT src_ip IN (<admin_hosts>) AND (url_path CONTAINS "/cgi-bin/" OR url_path CONTAINS "system" OR method="POST")

src_ip="<projector_ip>" AND NOT dest_port IN (<expected_ports>)
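The indicators above run as code over constructed sample logs. This is an added example, not code from the page or from BenQ. It assumes a known projector IP, an admin-host allowlist, an internal network range and a set of expected outbound ports; both log formats and every line in them are constructed for the example, and the management-path markers are the same generic placeholders as in the query, not BenQ-specific paths.

```python
import ipaddress
import re
from urllib.parse import unquote

# Environment-specific values. All are assumptions for this example.
PROJECTOR_IP = "10.20.30.40"
ADMIN_HOSTS = {"10.20.30.5"}                        # stations allowed to use the management interface
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
EXPECTED_OUTBOUND = {53, 123, 443}                  # DNS, NTP, vendor HTTPS

# Generic management-path markers (placeholders, not BenQ paths); tune to your firmware.
MGMT_MARKERS = ("/cgi-bin/", "system")

# Constructed sample access log from a proxy/IDS in front of the projector:
#   client_ip dst_ip "METHOD path" status
HTTP_LOG = """\
10.20.30.5 10.20.30.40 "GET /index.html" 200
10.20.30.5 10.20.30.40 "POST /cgi-bin/config" 200
10.20.30.77 10.20.30.40 "GET /index.html" 200
10.20.30.77 10.20.30.40 "POST /cgi-bin/system" 200
10.20.30.77 10.20.30.40 "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd" 200
10.20.30.77 10.20.30.99 "POST /cgi-bin/system" 200
"""

# Constructed sample flow log:  src_ip src_port dst_ip dst_port proto
FLOW_LOG = """\
10.20.30.40 51001 10.20.0.2 53 udp
10.20.30.40 51002 10.20.0.2 123 udp
10.20.30.40 51003 203.0.113.10 443 tcp
10.20.30.40 51004 10.20.30.77 4444 tcp
10.20.30.40 51005 10.20.30.50 445 tcp
10.20.30.77 51006 10.20.30.40 80 tcp
"""

HTTP_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" (\d{3})$')
FLOW_RE = re.compile(r'^(\S+) (\d+) (\S+) (\d+) (\S+)$')


def http_findings(log_text, projector_ip=PROJECTOR_IP, admin_hosts=ADMIN_HOSTS):
    """Requests to the projector that match the log indicators (list of dicts)."""
    findings = []
    for line in log_text.splitlines():
        m = HTTP_RE.match(line)
        if not m:
            continue
        src, dst, method, path, status = m.groups()
        if dst != projector_ip:
            continue
        decoded = unquote(path).lower()          # catches %2e%2e as well as literal dots
        reasons = []
        mgmt = any(marker in decoded for marker in MGMT_MARKERS)
        if src not in admin_hosts and (mgmt or method == "POST"):
            reasons.append("management interface used from non-admin host")
        if "../" in decoded or "..\\" in decoded:
            reasons.append("path traversal sequence")
        if reasons:
            findings.append({"src": src, "method": method, "path": path,
                             "status": int(status), "reasons": reasons})
    return findings


def flow_findings(log_text, projector_ip=PROJECTOR_IP,
                  expected_ports=EXPECTED_OUTBOUND, internal=INTERNAL_NET):
    """Outbound connections from the projector to ports it is not expected to use."""
    findings = []
    for line in log_text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        src, _sport, dst, dport, proto = m.groups()
        dport = int(dport)
        if src != projector_ip or dport in expected_ports:
            continue
        scope = "internal" if ipaddress.ip_address(dst) in internal else "external"
        findings.append({"dst": dst, "dport": dport, "proto": proto, "scope": scope,
                         "reason": f"unexpected outbound {proto}/{dport} to {scope} host"})
    return findings


if __name__ == "__main__":
    for f in http_findings(HTTP_LOG):
        print("HTTP", f["src"], f["method"], f["path"], "->", "; ".join(f["reasons"]))
    for f in flow_findings(FLOW_LOG):
        print("FLOW", f["dst"], "->", f["reason"])
```

The HTTP rule deliberately ignores a non-admin host that only fetches ordinary pages, so a guest browsing to the projector's landing page is not an alert; the flow rule flags internal destinations separately from external ones because an internal hit on a port such as 445 or 4444 is the lateral-movement case the worst-case scenario above describes.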

🔗 References

  • TWCERT advisory: https://www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html