The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Published 2019-04-30 21:29:01
Updated 2020-10-16 18:09:51
Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2019-3929

CVE-2019-3929 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Crestron Multiple Products Command Injection Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-3929
Added on: 2022-04-15
Action due date: 2022-05-06

Exploit prediction scoring system (EPSS) score for CVE-2019-3929

EPSS score: 97.36% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2019-3929

  • Barco WePresent file_transfer.cgi Command Injection
    Disclosure Date: 2019-04-30
    First seen: 2020-04-26
    exploit/linux/http/wepresent_cmd_injection
    This module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
    Authors: Jacob Baines

CVSS scores for CVE-2019-3929

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
| 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |

CWE ids for CVE-2019-3929

References for CVE-2019-3929
