CVE-2021-27942

Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
viziop65-f1_firmware
6.0.31.4-2
vizioe50x-e1_firmware
10.0.31.4-2
𝑥
= Vulnerable software versions
References
https://www.l9group.com/advisories/vizio-tv-code-execution-from-a-usb-drive
https://www.l9group.com/advisories/vizio-tv-code-execution-from-a-usb-drive