CVE-2021-27942

EUVD-2021-14660
Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
viziop65-f1_firmware
6.0.31.4-2
vizioe50x-e1_firmware
10.0.31.4-2
𝑥
= Vulnerable software versions
References
https://www.l9group.com/advisories/vizio-tv-code-execution-from-a-usb-drive
https://www.l9group.com/advisories/vizio-tv-code-execution-from-a-usb-drive