History: Apr 30, 2019 - 9:29 p.m.

CVE-2019-3930

2019-04-30 21:29:00
CWE-121
CWE-787
web.nvd.nist.gov
19
cve
2019
3930
stack buffer overflow
wireless presentation systems
security vulnerability
remote code execution
nvd
crestron
barco
extron
teq av it
sharp
optoma
blackbox
infocus
firmware
libawgcgi.so
parsertochar function

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8 High
Confidence: High

EPSS: 0.017 Low
Percentile: 87.9%

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so’s PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

Affected configurations

NVD
Node: crestron am-100 Match - AND crestron am-100_firmware Match 1.6.0.2
Node: crestron am-101 Match - AND crestron am-101_firmware Match 2.7.0.2
Node: barco wepresent_wipg-1000p Match - AND barco wepresent_wipg-1000p_firmware Match 2.3.0.10
Node: barco wepresent_wipg-1600w Match - AND barco wepresent_wipg-1600w_firmware Range <2.4.1.19
Node: extron sharelink_200_firmware Match 2.0.3.4 AND extron sharelink_200 Match -
Node: extron sharelink_250_firmware Match 2.0.3.4 AND extron sharelink_250 Match -
Node: teqavit wips710_firmware Match 1.1.0.7 AND teqavit wips710 Match -
Node: sharp pn-l703wa_firmware Match 1.4.2.3 AND sharp pn-l703wa Match -
Node: optoma wps-pro Match - AND optoma wps-pro_firmware Match 1.0.0.5
Node: blackbox hd_wireless_presentation_system Match - AND blackbox hd_wireless_presentation_system_firmware Match 1.0.0.5
Node: infocus liteshow3_firmware Match 1.0.16 AND infocus liteshow3 Match -
Node: infocus liteshow4_firmware Match 2.0.0.7 AND infocus liteshow4 Match -

CNA Affected

[
  {
    "product": "Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4.",
    "vendor": "Crestron",
    "versions": [
      {
        "status": "affected",
        "version": "Crestron AM-100 firmware 1.6.0.2"
      },
      {
        "status": "affected",
        "version": "Crestron AM-101 firmware 2.7.0.1"
      },
      {
        "status": "affected",
        "version": "Barco wePresent WiPG-1000P firmware 2.3.0.10"
      },
      {
        "status": "affected",
        "version": "Barco wePresent WiPG-1600W before firmware 2.4.1.19"
      },
      {
        "status": "affected",
        "version": "Extron ShareLink 200/250 firmware 2.0.3.4"
      },
      {
        "status": "affected",
        "version": "Teq AV IT WIPS710 firmware 1.1.0.7"
      },
      {
        "status": "affected",
        "version": "SHARP PN-L703WA firmware 1.4.2.3"
      },
      {
        "status": "affected",
        "version": "Optoma WPS-Pro firmware 1.0.0.5"
      },
      {
        "status": "affected",
        "version": "Blackbox HD WPS firmware 1.0.0.5"
      },
      {
        "status": "affected",
        "version": "InFocus LiteShow3 firmware 1.0.16"
      },
      {
        "status": "affected",
        "version": "and InFocus LiteShow4 2.0.0.7"
      }
    ]
  }
]
