PT-2021-10089 · Barco · Barco Transform Ndn-210 Pro+3

Published: 2021-01-07 · Updated: 2021-01-13 · CVE-2020-17500

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro versions prior to 3.8
Description: The issue affects the web administration panel of the Barco TransForm NDN-210, which uses basic authentication over HTTPS. There is a command injection issue in the username and password fields of the logon prompt, resulting in unauthenticated remote code execution. The NDN-210 is part of the Barco TransForm N solution.
Recommendations: For Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro versions prior to 3.8, update to version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the web administration panel to minimize the risk of exploitation. Avoid using the username and password fields in the logon prompt until the issue is resolved.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-17500

Affected Products

Barco Transform Ndn-210 Lite
Barco Transform Ndn-210 Pro
Barco Transform Ndn-211 Lite
Barco Transform Ndn-211 Pro