Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-3929
HistoryApr 30, 2019 - 9:29 p.m.

CVE-2019-3929

2019-04-3021:29:00
CWE-79
CWE-78
[email protected]
web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

JSON

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Affected configurations

NVD
Node
crestronam-100_firmwareMatch1.6.0.2
AND
crestronam-100Match-
Node
crestronam-101_firmwareMatch2.7.0.2
AND
crestronam-101Match-
Node
barcowepresent_wipg-1000p_firmwareMatch2.3.0.10
AND
barcowepresent_wipg-1000pMatch-
Node
barcowepresent_wipg-1600w_firmwareRange<2.4.1.19
AND
barcowepresent_wipg-1600wMatch-
Node
extronsharelink_200_firmwareMatch2.0.3.4
AND
extronsharelink_200Match-
Node
extronsharelink_250_firmwareMatch2.0.3.4
AND
extronsharelink_250Match-
Node
teqavitwips710_firmwareMatch1.1.0.7
AND
teqavitwips710Match-
Node
sharppn-l703wa_firmwareMatch1.4.2.3
AND
sharppn-l703waMatch-
Node
optomawps-pro_firmwareMatch1.0.0.5
AND
optomawps-proMatch-
Node
blackboxhd_wireless_presentation_system_firmwareMatch1.0.0.5
AND
blackboxhd_wireless_presentation_systemMatch-
Node
infocusliteshow3_firmwareMatch1.0.16
AND
infocusliteshow3Match-
Node
infocusliteshow4_firmwareMatch2.0.0.7
AND
infocusliteshow4Match-

Related

cisa_kev 1
nuclei 1
packetstorm 2
githubexploit 1
zdt 2
prion 1
attackerkb 1
cvelist 1
exploitpack 1
checkpoint_advisories 1
cve 1
exploitdb 1
threatpost 1
cisa_kev
cisa_kev
Crestron Multiple Products Command Injection Vulnerability
2022-04-15 00:00:00
nuclei
nuclei
Barco/AWIND OEM Presentation Platform - Remote Command Injection
2021-11-05 15:28:18
packetstorm
packetstorm
Barco WePresent file_transfer.cgi Command Injection
2020-01-14 00:00:00
Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection
2019-05-03 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Crestron Am-100 Firmware
2019-09-17 16:23:04
zdt
zdt
Barco / AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Vulnerability
2019-05-03 00:00:00
Barco WePresent - file_transfer.cgi Command Injection Exploit
2020-01-15 00:00:00
prion
prion
Command injection
2019-04-30 21:29:00
attackerkb
attackerkb
CVE-2019-3929
2019-04-30 00:00:00
cvelist
cvelist
CVE-2019-3929
2019-04-30 20:21:09
exploitpack
exploitpack
Crestron AMBarco wePresent WiPGExtron ShareLinkTeq AV ITSHARP PN-L703WAOptoma WPS-ProBlackbox HD WPSInFocus LiteShow - Remote Command Injection
2019-05-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Barco EOM Presentation platform Remote Code Execution (CVE-2019-3929)
2019-05-12 00:00:00
cve
cve
CVE-2019-3929
2019-04-30 21:29:00
exploitdb
exploitdb
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
2019-05-03 00:00:00
threatpost
threatpost
Critical Flaws Found in Eight Wireless Presentation Systems
2019-05-02 21:15:34

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

JSON
Related for NVD:CVE-2019-3929
cisa_kev1nuclei1packetstorm2githubexploit1zdt2prion1attackerkb1cvelist1exploitpack1checkpoint_advisories1cve1exploitdb1threatpost1