CVE-2021-38142

Name of the Vulnerable Software and Affected Versions: Barco MirrorOp Windows Sender versions prior to 2.5.3.65

Description: The issue allows rogue software upgrades due to the use of cleartext HTTP, which is not secured with TLS. An attacker on the local network can achieve remote code execution on any computer that tries to update the software.

Recommendations: For versions prior to 2.5.3.65, update to version 2.5.3.65 or later to resolve the issue. As a temporary workaround, consider restricting access to the upgrade mechanism to minimize the risk of exploitation.