CVE-2019-3930 (GCVE-0-2019-3930)

Vulnerability from cvelistv5 – Published: 2019-04-30 20:25 – Updated: 2024-08-04 19:26
Summary
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.
Severity
No CVSS data available.
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
  • tenable
References
  • https://www.tenable.com/security/research/tra-2019-20
Impacted products
Vendor: Crestron
Product: Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4.
Version:
  • Affected: Crestron AM-100 firmware 1.6.0.2
  • Affected: Crestron AM-101 firmware 2.7.0.1
  • Affected: Barco wePresent WiPG-1000P firmware 2.3.0.10
  • Affected: Barco wePresent WiPG-1600W before firmware 2.4.1.19
  • Affected: Extron ShareLink 200/250 firmware 2.0.3.4
  • Affected: Teq AV IT WIPS710 firmware 1.1.0.7
  • Affected: SHARP PN-L703WA firmware 1.4.2.3
  • Affected: Optoma WPS-Pro firmware 1.0.0.5
  • Affected: Blackbox HD WPS firmware 1.0.0.5
  • Affected: InFocus LiteShow3 firmware 1.0.16
  • Affected: and InFocus LiteShow4 2.0.0.7

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.743Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2019-20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4.",
          "vendor": "Crestron",
          "versions": [
            {
              "status": "affected",
              "version": "Crestron AM-100 firmware 1.6.0.2"
            },
            {
              "status": "affected",
              "version": "Crestron AM-101 firmware 2.7.0.1"
            },
            {
              "status": "affected",
              "version": "Barco wePresent WiPG-1000P firmware 2.3.0.10"
            },
            {
              "status": "affected",
              "version": "Barco wePresent WiPG-1600W before firmware 2.4.1.19"
            },
            {
              "status": "affected",
              "version": "Extron ShareLink 200/250 firmware 2.0.3.4"
            },
            {
              "status": "affected",
              "version": "Teq AV IT WIPS710 firmware 1.1.0.7"
            },
            {
              "status": "affected",
              "version": "SHARP PN-L703WA firmware 1.4.2.3"
            },
            {
              "status": "affected",
              "version": "Optoma WPS-Pro firmware 1.0.0.5"
            },
            {
              "status": "affected",
              "version": "Blackbox HD WPS firmware 1.0.0.5"
            },
            {
              "status": "affected",
              "version": "InFocus LiteShow3 firmware 1.0.16"
            },
            {
              "status": "affected",
              "version": "and InFocus LiteShow4 2.0.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so\u0027s PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-30T20:25:56",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2019-20"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2019-3930",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Crestron AM-100 firmware 1.6.0.2"
                          },
                          {
                            "version_value": "Crestron AM-101 firmware 2.7.0.1"
                          },
                          {
                            "version_value": "Barco wePresent WiPG-1000P firmware 2.3.0.10"
                          },
                          {
                            "version_value": "Barco wePresent WiPG-1600W before firmware 2.4.1.19"
                          },
                          {
                            "version_value": "Extron ShareLink 200/250 firmware 2.0.3.4"
                          },
                          {
                            "version_value": "Teq AV IT WIPS710 firmware 1.1.0.7"
                          },
                          {
                            "version_value": "SHARP PN-L703WA firmware 1.4.2.3"
                          },
                          {
                            "version_value": "Optoma WPS-Pro firmware 1.0.0.5"
                          },
                          {
                            "version_value": "Blackbox HD WPS firmware 1.0.0.5"
                          },
                          {
                            "version_value": "InFocus LiteShow3 firmware 1.0.16"
                          },
                          {
                            "version_value": "and InFocus LiteShow4 2.0.0.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Crestron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so\u0027s PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121 Stack-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2019-20",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2019-20"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2019-3930",
    "datePublished": "2019-04-30T20:25:56",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-08-04T19:26:27.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"913135BE-8FB4-40BA-85D8-AD0F824493C3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"081E2B1B-027D-4846-8C61-54CE2D668CD0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AC584E7-9159-48E8-B499-F5CA68663503\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0AB0523-6EFF-4C78-A8BA-B2764DBB04D0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4102ECBE-C362-4D67-A8B8-E0C796991A05\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:barco:wepresent_wipg-1000p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CA49409-DD7A-443C-9C64-F7FC02AD572F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.4.1.19\", \"matchCriteriaId\": \"CC11E306-2039-4981-B0DE-F0E086E82A99\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6EDF943-F79F-4729-A15C-BEDFDAC42EA3\"}]}]}, {\"operator\": \"AND\", 
\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2A958C1-D420-4686-B16A-9F894D9D546B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:extron:sharelink_200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9052908E-4A0A-4462-9054-FF8B81BE61AD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4452FE8E-2FF1-4920-BE15-EDB36865E436\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:extron:sharelink_250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D0429EC-69E4-40DF-8F58-92C14B1EE30F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30DE4653-931B-4EE4-997C-EDE3B4FD1103\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:teqavit:wips710:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C065DAA-CCAD-4551-A6D3-61A714EBEC2A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B378214-4F0E-4365-92B4-A1C1CA1BF8E9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sharp:pn-l703wa:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"515FE3BB-C5C9-496C-A002-E5687D5D2B00\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B85EAE85-7C54-4B93-96BA-72FCB1CFA94F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:optoma:wps-pro:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2033CAD9-390C-4AA4-A05E-951849AB16E8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2143F71D-47D5-4630-B1CF-74824682523C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:blackbox:hd_wireless_presentation_system:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5722F58-47BA-4430-8F92-FA56348FD4A9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A31899CB-CC41-446A-AB84-40D2BDED1F30\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:infocus:liteshow3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E81DF5B-9FD1-44E7-B23D-639ACAD4EED0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D361E8D9-377E-4DBB-BFAC-35CB4333A6EB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:infocus:liteshow4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76B7C16D-C7D8-4502-B466-1D6A0183527A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so\u0027s PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.\"}, {\"lang\": \"es\", \"value\": \"El firmware Crestron AM-100 versi\\u00f3n 1.6.0.2, el firmware Crestron AM-101 versi\\u00f3n 2.7.0.1, Barco wePresent WiPG-1000P firmware versi\\u00f3n 2.3.0.10, Barco wePresent WiPG-1600W antes del firmware versi\\u00f3n 2.4.1.19, Extron ShareLink 200/250 firmware versi\\u00f3n 2.0.3.4, Teq AV IT WIPS710 firmware versi\\u00f3n 1.1.0.7, SHARP PN-L703WA firmware versi\\u00f3n 1.4.2.3, Optoma WPS-Pro firmware versi\\u00f3n 1.0.0.5, Blackbox HD WPS firmware versi\\u00f3n 1.0.0.5, InFocus LiteShow3 firmware versi\\u00f3n 1.0.16 e InFocus LiteShow4 versi\\u00f3n 2.0.0.7 son vulnerables a un desbordamiento de b\\u00fafer de pila en la funci\\u00f3n PARSERtoCHAR de libAwgCgi.so. Un atacante remoto no autenticado puede usar esta vulnerabilidad para ejecutar c\\u00f3digo arbitrario como root por medio de una petici\\u00f3n creada para el endpoint return.cgi.\"}]",
      "id": "CVE-2019-3930",
      "lastModified": "2024-11-21T04:42:53.220",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-04-30T21:29:00.777",
      "references": "[{\"url\": \"https://www.tenable.com/security/research/tra-2019-20\", \"source\": \"vulnreport@tenable.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/research/tra-2019-20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "vulnreport@tenable.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"vulnreport@tenable.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    }
  }
}

