Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2019-3929

Published: 30/04/2019 Updated: 16/10/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Am-100 Firmware

Vulnerability Summary

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

crestron am-100_firmware 1.6.0.2

crestron am-101_firmware 2.7.0.2

barco wepresent_wipg-1000p_firmware 2.3.0.10

barco wepresent_wipg-1600w_firmware

extron sharelink_200_firmware 2.0.3.4

extron sharelink_250_firmware 2.0.3.4

teqavit wips710_firmware 1.1.0.7

sharp pn-l703wa_firmware 1.4.2.3

optoma wps-pro_firmware 1.0.0.5

blackbox hd_wireless_presentation_system_firmware 1.0.0.5

infocus liteshow3_firmware 1.0.16

infocus liteshow4_firmware 2.0.0.7

Exploits

Exploit DB: Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
## # Exploit Title: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection # Date: 05/01/2019 # Exploit Author: Jacob Baines # Tested on: Crestron AM-100 1602 # CVE : CVE-2019-3929 # PoC Video: wwwyoutubecom/watch?v=q-PIjnPcu2k # Advisory: wwwtenablecom/security/research/tra-2019-20 # Writeup: https:/ ...
Exploit DB: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection
Barco/AWIND OEM presentation platform suffers from an unauthenticated command injection vulnerability Products affected include Crestron AM-100 1602, Crestron AM-101 2701, Barco wePresent WiPG-1000P 23010, Barco wePresent WiPG-1600W before 24119, Extron ShareLink 200/250 2034, Teq AV IT WIPS710 1107, InFocus LiteShow3 1016, InF ...

Github Repositories

https://github.com/xfox64x/CVE-2019-3929

Crestron/Barco/Extron/InFocus/TeqAV Remote Command Injection (CVE-2019-3929) Metasploit Module

CVE-2019-3929 Crestron/Barco/Extron/InFocus/TeqAV Remote Command Injection (CVE-2019-3929) Metasploit Module Per Tenable's description: "A remote, unauthenticated attacker can execute operating system commands as root via crafted requests to the HTTP endpoint file_transfercgi This vulnerability appears to affect all known devices including the Crestron AM-100 firmwa

References

CWE-78https://www.tenable.com/security/research/tra-2019-20https://www.exploit-db.com/exploits/46786/http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.htmlhttp://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.htmlhttps://nvd.nist.govhttps://github.com/xfox64x/CVE-2019-3929https://www.exploit-db.com/exploits/46786
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook