PT-2024-35974 · Barco · Barco Clickshare Cx-30/20+5
Published: 2024-12-10 · Updated: 2024-12-10
CVE-2024-53919
CVSS v3.1: 7.6 (High)
Vector: AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Barco ClickShare CX-30/20, C-5/10, ClickShare Bar Pro, and Core models versions prior to 2.21.1
Description:
An injection vulnerability allows physically proximate attackers, or local admins of the webUI, to trigger OS-level command execution as root. This issue affects models running firmware before version 2.21.1.
Recommendations:
For versions prior to 2.21.1, update the firmware to version 2.21.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the webUI to minimize the risk of exploitation.
Fix
Command Injection
Affected Products
Barco C-10
Barco C-5
Barco Clickshare Bar Pro
Barco Clickshare Cx-20
Barco Clickshare Cx-30/20
Barco Clickshare Core