Code injection

2019-12-1617:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware.

CPENameOperatorVersion
clickshare_cs-100_firmwarelt1.9.0
clickshare_cse-200\\+_firmwarelt1.9.0
clickshare_cse-200_firmwarelt1.9.0
clickshare_cse-800_firmwarelt1.9.0

Name	Operator	Version
clickshare_cs-100_firmware	lt	1.9.0
clickshare_cse-200\\+_firmware	lt	1.9.0
clickshare_cse-200_firmware	lt	1.9.0
clickshare_cse-800_firmware	lt	1.9.0

References

labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

www.barco.com/en/clickshare/firmware-update

www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007