CVE-2019-3929
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
10,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9435
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
StableCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Non-Repudiation
Potential Impacts:
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Read Files Or Directories
Modify Files Or Directories
Read Application Data
Modify Application Data
Hide Activities
Applicable Platforms
Technologies:
AI/ML, Not Technology-Specific, Web Server
79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
StableCommon Consequences
Security Scopes Affected:
Access Control
Confidentiality
Integrity
Availability
Potential Impacts:
Bypass Protection Mechanism
Read Application Data
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
AI/ML, Web Based, Web Server
Exploit
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma …
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
View Exploit Code →
Exploit
Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
Verified Metasploit Framework (MSF)Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
View Exploit Code →
Operating System
Pn-L703Wa Firmware by Sharp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Hd Wireless Presentation System Firmware by Blackbox
CPE Identifier
View Detailed Analysis
cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Wips710 Firmware by Teqavit
CPE Identifier
View Detailed Analysis
cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Wepresent Wipg-1000P Firmware by Barco
CPE Identifier
View Detailed Analysis
cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Sharelink 250 Firmware by Extron
CPE Identifier
View Detailed Analysis
cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Am-101 Firmware by Crestron
CPE Identifier
View Detailed Analysis
cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Am-100 Firmware by Crestron
CPE Identifier
View Detailed Analysis
cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Sharelink 200 Firmware by Extron
CPE Identifier
View Detailed Analysis
cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Liteshow3 Firmware by Infocus
CPE Identifier
View Detailed Analysis
cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Wps-Pro Firmware by Optoma
CPE Identifier
View Detailed Analysis
cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Wepresent Wipg-1600W Firmware by Barco
Version Range Affected
To
2.4.1.19
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Liteshow4 Firmware by Infocus
CPE Identifier
View Detailed Analysis
cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019…
http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platfo…
http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-C…
https://www.exploit-db.com/exploits/46786/
https://www.tenable.com/security/research/tra-2019-20
http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platfo…
http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-C…
https://www.exploit-db.com/exploits/46786/
https://www.tenable.com/security/research/tra-2019-20