CVE-2021-37911
Description
The management interface of the BenQ smart wireless conference projector does not properly control user privileges. An attacker who gains access to the local subnetwork can reach any system directory of the device through the interface and execute arbitrary commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The web interface of the BenQ EH600 smart conference projector has improper privilege management, which allows unauthenticated attackers on the local network to access arbitrary directories and execute commands.
Vulnerability
The management interface of the BenQ EH600 smart wireless conference projector (OTA v01.00.31.00 on AOSP 6.0) fails to properly control user privileges [1]. The web service does not enforce access controls, enabling unauthenticated users to access any system directory on the device.
Exploitation
An attacker positioned on the local subnet can access the vulnerable web service without authentication [1]. The attacker can browse arbitrary directories, upload malicious files, and execute commands directly through the interface.
Impact
Successful exploitation allows an attacker to read, write, and execute arbitrary files with system privileges [1]. This leads to full compromise of the device's confidentiality, integrity, and availability.
Mitigation
BenQ released a fix in OTA version v01.00.30.00 (AOSP 6.0) [1]. Users should update to this version or later. As a workaround, restrict network access to the device's management interface to trusted segments only.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- BenQ/EH600 OTA v5, Range: unspecified
Patches
No patches discovered yet.
References
[1] www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html (mitre, x_refsource_MISC)