History: Apr 30, 2019 - 9:29 p.m.

CVE-2019-3929

2019-04-30 21:29:00
CWE-78
CWE-79
tenable
web.nvd.nist.gov
926
In Wild
cve-2019-3929
information security
vulnerability
command injection
remote attack
wireless presentation systems
firmware
operating system commands
cve

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8
Confidence: High

EPSS: 0.974
Percentile: 99.9%

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Affected configurations

Nvd
Node
crestron am-100_firmware Match 1.6.0.2
AND
crestron am-100 Match -
Node
crestron am-101_firmware Match 2.7.0.2
AND
crestron am-101 Match -
Node
barco wepresent_wipg-1000p_firmware Match 2.3.0.10
AND
barco wepresent_wipg-1000p Match -
Node
barco wepresent_wipg-1600w_firmware Range <2.4.1.19
AND
barco wepresent_wipg-1600w Match -
Node
extron sharelink_200_firmware Match 2.0.3.4
AND
extron sharelink_200 Match -
Node
extron sharelink_250_firmware Match 2.0.3.4
AND
extron sharelink_250 Match -
Node
teqavit wips710_firmware Match 1.1.0.7
AND
teqavit wips710 Match -
Node
sharp pn-l703wa_firmware Match 1.4.2.3
AND
sharp pn-l703wa Match -
Node
optoma wps-pro_firmware Match 1.0.0.5
AND
optoma wps-pro Match -
Node
blackbox hd_wireless_presentation_system_firmware Match 1.0.0.5
AND
blackbox hd_wireless_presentation_system Match -
Node
infocus liteshow3_firmware Match 1.0.16
AND
infocus liteshow3 Match -
Node
infocus liteshow4_firmware Match 2.0.0.7
AND
infocus liteshow4 Match -
Vendor Product Version CPE
crestron am-100_firmware 1.6.0.2 cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*
crestron am-100 - cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*
crestron am-101_firmware 2.7.0.2 cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*
crestron am-101 - cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*
barco wepresent_wipg-1000p_firmware 2.3.0.10 cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:*:*:*:*:*:*:*
barco wepresent_wipg-1000p - cpe:2.3:h:barco:wepresent_wipg-1000p:-:*:*:*:*:*:*:*
barco wepresent_wipg-1600w_firmware * cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:*:*:*:*:*:*:*:*
barco wepresent_wipg-1600w - cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*
extron sharelink_200_firmware 2.0.3.4 cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:*:*:*:*:*:*:*
extron sharelink_200 - cpe:2.3:h:extron:sharelink_200:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4.",
    "vendor": "Crestron",
    "versions": [
      {
        "status": "affected",
        "version": "Crestron AM-100 firmware 1.6.0.2"
      },
      {
        "status": "affected",
        "version": "Crestron AM-101 firmware 2.7.0.1"
      },
      {
        "status": "affected",
        "version": "Barco wePresent WiPG-1000P firmware 2.3.0.10"
      },
      {
        "status": "affected",
        "version": "Barco wePresent WiPG-1600W before firmware 2.4.1.19"
      },
      {
        "status": "affected",
        "version": "Extron ShareLink 200/250 firmware 2.0.3.4"
      },
      {
        "status": "affected",
        "version": "Teq AV IT WIPS710 firmware 1.1.0.7"
      },
      {
        "status": "affected",
        "version": "SHARP PN-L703WA firmware 1.4.2.3"
      },
      {
        "status": "affected",
        "version": "Optoma WPS-Pro firmware 1.0.0.5"
      },
      {
        "status": "affected",
        "version": "Blackbox HD WPS firmware 1.0.0.5"
      },
      {
        "status": "affected",
        "version": "InFocus LiteShow3 firmware 1.0.16"
      },
      {
        "status": "affected",
        "version": "and InFocus LiteShow4 2.0.0.7"
      }
    ]
  }
]
