fkie_cve-2019-3929
Vulnerability from fkie_nvd
Published
2019-04-30 21:29
Modified
2025-02-07 15:00
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| crestron | am-100_firmware | 1.6.0.2 | |
| crestron | am-100 | - | |
| crestron | am-101_firmware | 2.7.0.2 | |
| crestron | am-101 | - | |
| barco | wepresent_wipg-1000p_firmware | 2.3.0.10 | |
| barco | wepresent_wipg-1000p | - | |
| barco | wepresent_wipg-1600w_firmware | * | |
| barco | wepresent_wipg-1600w | - | |
| extron | sharelink_200_firmware | 2.0.3.4 | |
| extron | sharelink_200 | - | |
| extron | sharelink_250_firmware | 2.0.3.4 | |
| extron | sharelink_250 | - | |
| teqavit | wips710_firmware | 1.1.0.7 | |
| teqavit | wips710 | - | |
| sharp | pn-l703wa_firmware | 1.4.2.3 | |
| sharp | pn-l703wa | - | |
| optoma | wps-pro_firmware | 1.0.0.5 | |
| optoma | wps-pro | - | |
| blackbox | hd_wireless_presentation_system_firmware | 1.0.0.5 | |
| blackbox | hd_wireless_presentation_system | - | |
| infocus | liteshow3_firmware | 1.0.16 | |
| infocus | liteshow3 | - | |
| infocus | liteshow4_firmware | 2.0.0.7 | |
| infocus | liteshow4 | - |
{
"cisaActionDue": "2022-05-06",
"cisaExploitAdd": "2022-04-15",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Crestron Multiple Products Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "913135BE-8FB4-40BA-85D8-AD0F824493C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "081E2B1B-027D-4846-8C61-54CE2D668CD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC584E7-9159-48E8-B499-F5CA68663503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AB0523-6EFF-4C78-A8BA-B2764DBB04D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4102ECBE-C362-4D67-A8B8-E0C796991A05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:barco:wepresent_wipg-1000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA49409-DD7A-443C-9C64-F7FC02AD572F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC11E306-2039-4981-B0DE-F0E086E82A99",
"versionEndExcluding": "2.4.1.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EDF943-F79F-4729-A15C-BEDFDAC42EA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A958C1-D420-4686-B16A-9F894D9D546B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:extron:sharelink_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9052908E-4A0A-4462-9054-FF8B81BE61AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4452FE8E-2FF1-4920-BE15-EDB36865E436",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:extron:sharelink_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0429EC-69E4-40DF-8F58-92C14B1EE30F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "30DE4653-931B-4EE4-997C-EDE3B4FD1103",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teqavit:wips710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C065DAA-CCAD-4551-A6D3-61A714EBEC2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B378214-4F0E-4365-92B4-A1C1CA1BF8E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:pn-l703wa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "515FE3BB-C5C9-496C-A002-E5687D5D2B00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B85EAE85-7C54-4B93-96BA-72FCB1CFA94F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:optoma:wps-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2033CAD9-390C-4AA4-A05E-951849AB16E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2143F71D-47D5-4630-B1CF-74824682523C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:blackbox:hd_wireless_presentation_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5722F58-47BA-4430-8F92-FA56348FD4A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A31899CB-CC41-446A-AB84-40D2BDED1F30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:infocus:liteshow3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E81DF5B-9FD1-44E7-B23D-639ACAD4EED0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D361E8D9-377E-4DBB-BFAC-35CB4333A6EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:infocus:liteshow4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B7C16D-C7D8-4502-B466-1D6A0183527A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root."
},
{
"lang": "es",
"value": "El firmware Crestron AM-100 versi\u00f3n 1.6.0.2, el firmware Crestron AM-101 versi\u00f3n 2.7.0.1, Barco wePresent WiPG-1000P firmware versi\u00f3n 2.3.0.10, Barco wePresent WiPG-1600W antes del firmware versi\u00f3n 2.4.1.19, Extron ShareLink 200/250 firmware versi\u00f3n 2.0.3.4, Teq AV IT WIPS710 firmware versi\u00f3n 1.1.0.7, SHARP PN-L703WA firmware versi\u00f3n 1.4.2.3, Optoma WPS-Pro firmware versi\u00f3n 1.0.0.5, Blackbox HD WPS firmware versi\u00f3n 1.0.0.5, InFocus LiteShow3 firmware versi\u00f3n 1.0.16 e InFocus LiteShow4 versi\u00f3n 2.0.0.7 son vulnerables para ordenar la inyecci\u00f3n por medio del endpoint HTTP file_transfer.cgi. Un atacante remoto no identificado puede usar esta vulnerabilidad para ejecutar comandos del sistema operativo como root."
}
],
"id": "CVE-2019-3929",
"lastModified": "2025-02-07T15:00:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-04-30T21:29:00.713",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46786/"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46786/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-20"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.