Skip to main content

Chengming 3990 Firmware CVE-2021-36283

MEDIUM
Improper Input Validation (CWE-20)
2021-09-28 security_alert@emc.com
Dell RCE Chengming 3990 Firmware Chengming 3991 Firmware G3 15 3500 Firmware G3 15 3590 Firmware G3 15 5500 Firmware Inspiron 3493 Firmware Inspiron 3501 Firmware Inspiron 3593 Firmware Inspiron 3793 Firmware Inspiron 3880 Firmware Inspiron 3881 Firmware Inspiron 5400 2 In 1 Firmware Inspiron 5490 Firmware Inspiron 5493 Firmware Inspiron 5498 Firmware Inspiron 5590 Firmware Inspiron 5593 Firmware Inspiron 5598 Firmware Inspiron 7391 2 In 1 Firmware Inspiron 7500 Firmware Inspiron 7500 2 In 1 Silver Firmware Inspiron 7501 Firmware Inspiron 7590 Firmware Inspiron 7591 Firmware Latitude 3310 Firmware Latitude 3310 2 In 1 Firmware Latitude 5300 Firmware Latitude 5300 2 In 1 Firmware Latitude 5310 Firmware Latitude 5310 2 In 1 Firmware Latitude 5400 Firmware Latitude 5401 Firmware Latitude 5410 Firmware Latitude 5411 Firmware Latitude 5500 Firmware Latitude 5511 Firmware Latitude 7200 2 In 1 Firmware Latitude 7210 2 In 1 Firmware Latitude 7220Ex Rugged Extreme Tablet Firmware Latitude 7300 Firmware Latitude 7310 Firmware Latitude 7400 Firmware Latitude 7400 2 In 1 Firmware Latitude 7410 Firmware Latitude 9410 Firmware Latitude 9510 Firmware Optiplex 3080 Firmware Optiplex 3280 Aio Firmware Optiplex 5080 Firmware Optiplex 5480 Aio Firmware Optiplex 7080 Firmware Optiplex 7480 Aio Firmware Optiplex 7780 Aio Firmware Precision 3440 Firmware Precision 3540 Firmware Precision 3541 Firmware Precision 3550 Firmware Precision 3551 Firmware Precision 3640 Tower Firmware Precision 5540 Firmware Precision 5550 Firmware Precision 5750 Firmware Precision 7540 Firmware Precision 7550 Firmware Precision 7740 Firmware Precision 7750 Firmware Vostro 3401 Firmware Vostro 3491 Firmware Vostro 3501 Firmware Vostro 3591 Firmware Vostro 3681 Firmware Vostro 3881 Firmware Vostro 3888 Firmware Vostro 5490 Firmware Vostro 5590 Firmware Vostro 7500 Firmware Vostro 7590 Firmware Wyse 5470 Firmware Xps 13 9300 Firmware Xps 13 9380 Firmware Xps 17 9700 Firmware Xps 7380 Firmware Xps 7590 Firmware Xps 7390 2 In 1 Firmware Xps 9500 Firmware
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 28, 2021 - 20:15 nvd
MEDIUM 6.7

DescriptionNVD

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

AnalysisAI

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Affected products include: Dell Chengming 3990 Firmware, Dell Chengming 3991 Firmware, Dell G3 15 3500 Firmware, Dell G3 15 3590 Firmware, Dell G3 15 5500 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-52541 HIGH
8.2 Feb 19

Dell Client Platform BIOS contains a Weak Authentication vulnerability. Rated high severity (CVSS 8.2), this vulnerabili

CVE-2022-32493 HIGH
7.8 Oct 12

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2022-32491 HIGH
7.8 Oct 12

Dell Client BIOS contains a Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low att

CVE-2022-32489 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32488 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32487 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32485 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-26861 HIGH
7.8 Sep 06

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. Rated high severity (CVSS 7.8), this vulner

CVE-2022-26860 HIGH
7.8 Sep 06

Dell BIOS versions contain a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerabili

CVE-2022-26858 HIGH
7.8 Sep 06

Dell BIOS versions contain an Improper Authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2021-21574 HIGH
7.5 Jun 24

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch avail

CVE-2021-21573 HIGH
7.5 Jun 24

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch avail

Share

CVE-2021-36283 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy