U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:dell:chengming_3977_firmware:1.6.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2022-24410

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

Published: February 10, 2023; 6:15:32 AM -0500 		V4.0:(not available)
 V3.1: 4.2 MEDIUM
V2.0:(not available)
CVE-2021-36343

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Published: January 24, 2022; 3:15:08 PM -0500 		V4.0:(not available)
 V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-36342

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Published: January 24, 2022; 3:15:07 PM -0500 		V4.0:(not available)
 V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-36325

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Published: November 12, 2021; 6:15:08 PM -0500 		V4.0:(not available)
 V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-36324

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Published: November 12, 2021; 6:15:08 PM -0500 		V4.0:(not available)
 V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-36323

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Published: November 12, 2021; 6:15:08 PM -0500 		V4.0:(not available)
 V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2020-5362

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Published: June 10, 2020; 5:15:10 PM -0400 		V4.0:(not available)
 V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW