PT-2019-16783 · Extron (and 7 other vendors) · Extron Sharelink 200/250 (and 10 other products)

Jacob Baines · Published 2019-04-30 · Updated 2025-02-07 · CVE-2019-3929

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Crestron AM-100 version 1.6.0.2
Crestron AM-101 version 2.7.0.1
Barco wePresent WiPG-1000P version 2.3.0.10
Barco wePresent WiPG-1600W versions prior to 2.4.1.19
Extron ShareLink 200/250 version 2.0.3.4
Teq AV IT WIPS710 version 1.1.0.7
SHARP PN-L703WA version 1.4.2.3
Optoma WPS-Pro version 1.0.0.5
Blackbox HD WPS version 1.0.0.5
InFocus LiteShow3 version 1.0.16
InFocus LiteShow4 version 2.0.0.7

Description

The issue allows a remote, unauthenticated attacker to execute operating system commands as root via command injection through the "file transfer.cgi" HTTP endpoint.

Recommendations

For Crestron AM-100 version 1.6.0.2, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For Crestron AM-101 version 2.7.0.1, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For Barco wePresent WiPG-1000P version 2.3.0.10, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For Barco wePresent WiPG-1600W versions prior to 2.4.1.19, update to firmware 2.4.1.19 or later.
For Extron ShareLink 200/250 version 2.0.3.4, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For Teq AV IT WIPS710 version 1.1.0.7, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For SHARP PN-L703WA version 1.4.2.3, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For Optoma WPS-Pro version 1.0.0.5, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For Blackbox HD WPS version 1.0.0.5, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For InFocus LiteShow3 version 1.0.16, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.
For InFocus LiteShow4 version 2.0.0.7, consider disabling access to the "file transfer.cgi" endpoint until a patch is available.

Tags: Exploit · Fix · OS Command Injection · XSS


Weakness Enumeration

Related Identifiers

CVE-2019-3929

Affected Products

Barco wePresent WiPG-1000P
Barco wePresent WiPG-1600W
Blackbox HD WPS
Crestron AM-100
Crestron AM-101
Extron ShareLink 200/250
InFocus LiteShow3
InFocus LiteShow4
Optoma WPS-Pro
SHARP PN-L703WA
Teq AV IT WIPS710