Stack overflow

2019-04-3021:29:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.9%

JSON

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so’s PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

CPENameOperatorVersion
wepresent_wipg-1000p_firmwareeq2.3.0.10
wepresent_wipg-1600w_firmwarelt2.4.1.19
hd_wireless_presentation_system_firmwareeq1.0.0.5
am-100_firmwareeq1.6.0.2
am-101_firmwareeq2.7.0.2
sharelink_200_firmwareeq2.0.3.4
sharelink_250_firmwareeq2.0.3.4
liteshow3_firmwareeq1.0.16
liteshow4_firmwareeq2.0.0.7
wps-pro_firmwareeq1.0.0.5

Name	Operator	Version
wepresent_wipg-1000p_firmware	eq	2.3.0.10
wepresent_wipg-1600w_firmware	lt	2.4.1.19
hd_wireless_presentation_system_firmware	eq	1.0.0.5
am-100_firmware	eq	1.6.0.2
am-101_firmware	eq	2.7.0.2
sharelink_200_firmware	eq	2.0.3.4
sharelink_250_firmware	eq	2.0.3.4
liteshow3_firmware	eq	1.0.16
liteshow4_firmware	eq	2.0.0.7
wps-pro_firmware	eq	1.0.0.5