Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-3929
HistoryApr 30, 2019 - 9:29 p.m.

CVE-2019-3929

2019-04-3021:29:00
CWE-78
[email protected]
web.nvd.nist.gov
920
In Wild
cve-2019-3929
information security
vulnerability
command injection
remote attack
wireless presentation systems
firmware
operating system commands
cve

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Related

githubexploit 1
packetstorm 2
cisa_kev 1
nuclei 1
attackerkb 1
cvelist 1
zdt 2
prion 1
checkpoint_advisories 1
exploitpack 1
exploitdb 1
threatpost 1
githubexploit
githubexploit
Exploit for OS Command Injection in Crestron Am-100 Firmware
2019-09-17 16:23:04
packetstorm
packetstorm
Barco WePresent file_transfer.cgi Command Injection
2020-01-14 00:00:00
Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection
2019-05-03 00:00:00
cisa_kev
cisa_kev
Crestron Multiple Products Command Injection Vulnerability
2022-04-15 00:00:00
nuclei
nuclei
Barco/AWIND OEM Presentation Platform - Remote Command Injection
2021-11-05 15:28:18
attackerkb
attackerkb
CVE-2019-3929
2019-04-30 00:00:00
cvelist
cvelist
CVE-2019-3929
2019-04-30 20:21:09
zdt
zdt
Barco WePresent - file_transfer.cgi Command Injection Exploit
2020-01-15 00:00:00
Barco / AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Vulnerability
2019-05-03 00:00:00
prion
prion
Command injection
2019-04-30 21:29:00
checkpoint_advisories
checkpoint_advisories
Barco EOM Presentation platform Remote Code Execution (CVE-2019-3929)
2019-05-12 00:00:00
exploitpack
exploitpack
Crestron AMBarco wePresent WiPGExtron ShareLinkTeq AV ITSHARP PN-L703WAOptoma WPS-ProBlackbox HD WPSInFocus LiteShow - Remote Command Injection
2019-05-03 00:00:00
exploitdb
exploitdb
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
2019-05-03 00:00:00
threatpost
threatpost
Critical Flaws Found in Eight Wireless Presentation Systems
2019-05-02 21:15:34

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for CVE-2019-3929
githubexploit1packetstorm2cisa_kev1nuclei1attackerkb1cvelist1zdt2prion1checkpoint_advisories1exploitpack1exploitdb1threatpost1