4 matches found
CVE-2020-17500
Barco TransForm NDN-210 Lite/Pro and NDN-211 Lite/Pro (pre-3.8) are affected by a Command Injection vulnerability in the web login prompt. The system uses an HTTPS web administration panel with basic authentication, and the flaw can lead to unauthenticated remote code execution via the username a...
CVE-2020-17503
CVE-2020-17503 affects Barco NDN-210 (TransForm N) via a command injection in split_card_cmd.php. The vulnerability allows authenticated users to perform remote code execution over the web admin panel due to improper handling of the http parameter "locking". Affected product is Barco TransForm N;...
CVE-2020-17502
CVE-2020-17502 affects Barco TransForm NDN-210 Web administration panel (Barco TransForm N) before version 3.8. A command injection vulnerability exists in split_card_cmd.php where HTTP parameters xmodules, ymodules and savelocking are not properly handled, enabling authenticated users to perform...
CVE-2020-17504
The CVE-2020-17504 issue affects Barco TransForm N solution’s NDN-210 device, where the web administration panel exposes a command injection vulnerability in ngpsystemcmd.php. Improper handling of the HTTP parameters x_modules and y_modules enables authenticated users to perform authenticated rem...