PT-2019-16784 · Extron+7 · Extron Sharelink 200/250+10

Published: 2019-04-30 · Updated: 2020-10-16 · CVE-2019-3930

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Crestron AM-100 version 1.6.0.2
Crestron AM-101 version 2.7.0.1
Barco wePresent WiPG-1000P version 2.3.0.10
Barco wePresent WiPG-1600W versions prior to 2.4.1.19
Extron ShareLink 200/250 version 2.0.3.4
Teq AV IT WIPS710 version 1.1.0.7
SHARP PN-L703WA version 1.4.2.3
Optoma WPS-Pro version 1.0.0.5
Blackbox HD WPS version 1.0.0.5
InFocus LiteShow3 version 1.0.16
InFocus LiteShow4 version 2.0.0.7

Description

The PARSERtoCHAR function of libAwgCgi.so contains a stack buffer overflow. A remote, unauthenticated attacker can use it to execute arbitrary code as root by sending a crafted request to the "return.cgi" endpoint.

Recommendations

Crestron AM-100 version 1.6.0.2: update to a newer version that contains a fix for this issue.
Crestron AM-101 version 2.7.0.1: update to a newer version that contains a fix for this issue.
Barco wePresent WiPG-1000P version 2.3.0.10: update to a newer version that contains a fix for this issue.
Barco wePresent WiPG-1600W versions prior to 2.4.1.19: update to version 2.4.1.19 or later.
Extron ShareLink 200/250 version 2.0.3.4: update to a newer version that contains a fix for this issue.
Teq AV IT WIPS710 version 1.1.0.7: update to a newer version that contains a fix for this issue.
SHARP PN-L703WA version 1.4.2.3: update to a newer version that contains a fix for this issue.
Optoma WPS-Pro version 1.0.0.5: update to a newer version that contains a fix for this issue.
Blackbox HD WPS version 1.0.0.5: update to a newer version that contains a fix for this issue.
InFocus LiteShow3 version 1.0.16: update to a newer version that contains a fix for this issue.
InFocus LiteShow4 version 2.0.0.7: update to a newer version that contains a fix for this issue.

As a temporary workaround, consider restricting access to the "return.cgi" endpoint until a patch is available.

Exploit

Fix

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-3930

Affected Products

Barco wePresent WiPG-1000P
Barco wePresent WiPG-1600W
Blackbox HD WPS
Crestron AM-100
Crestron AM-101
Extron ShareLink 200/250
InFocus LiteShow3
InFocus LiteShow4
Optoma WPS-Pro
SHARP PN-L703WA
Teq AV IT WIPS710