CVE-2020-17503

Name of the Vulnerable Software and Affected Versions: Barco TransForm N versions prior to 3.8

Description: The NDN-210 device has a web administration panel accessible over https, where a command injection issue allows authenticated users to perform remote code execution. The issue is located in the split card cmd.php file, specifically with the locking http parameter not being properly handled.

Recommendations: For versions prior to 3.8, update to TransForm N version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the split card cmd.php file or disabling the locking parameter in the http request to minimize the risk of exploitation.