High Severity Flaws Discovered in Nvidia Shield TV and Intel NUCs

By
Anandhu Krishnan
Published on
14 Oct 2019
2 min read
blog

Two popular products from tech giants Intel and Nvidia have been identified having high-severity flaws. The products impacted are the Nvidia Shield TV and Intel NUC mini-PC kit.

The Nvidia Shield TV, a media streaming box that runs on the Android OS is used mainly for gaming and media streaming. Intel’s NUC (Next Unit of Computing) mini-PC is used for gaming, digital signage and it offers processing, memory and storage capabilities.

Both companies released a security advisory stating four high-severity flaws. The flaws in the Nvidia Shield can enable code execution, denial of service, escalation of privileges, and information disclosure. The two vulnerabilities in the Intel NUC can lead to denial of service or information disclosure.

Nvidia Shield TV Vulnerabilities


Nvidia Shield TV

CVE-201-5699, one of the flaws in the Nvidia Shield TV can affect the Tegra bootloader via incorrect bound check and the second flaw (CVE-2019-5700) also affects the bootloader. Both the flaws rate 7.6 on 10 in the CVSS (Common Vulnerability Scoring System).

It is advised to update to version 8.0.1 as soon as possible and patch the device against the vulnerabilities.

Intel NUC Vulnerabilities

Intel NUCs

The two high-severity flaws in the Intel NUC include a pointer corruption bug (CVE-2019-14569) and a memory corruption bug (CVE-2019-14570) that can allow a local attacker to launch an array of malicious attacks. Both the flaws are rated 7.5 out of 10 within the CVSS.

The impacted products include the NUC 8 mainstream game kit and mini-computer, the Intel NUC Board DE3815TYBE (H26998-500 & later), NUC Kit DE3815TYKHE (H27002-500 & later), NUC Board DE3815TYBE, NUC Kit DE3815TYKHE and NUC Kit DN2820FYKH. The relevant updates are available for download on Intel’s website.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Anandhu Krishnan
Anandhu Krishnan
Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.