Vulnerability Details : CVE-2019-3929
Public exploit exists!
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2019-3929
- cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:*:*:*:*:*:*:*
- cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:*:*:*:*:*:*:*
- cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:*:*:*:*:*:*:*
CVE-2019-3929 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Crestron Multiple Products Command Injection Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-3929
Added on
2022-04-15
Action due date
2022-05-06
Exploit prediction scoring system (EPSS) score for CVE-2019-3929
97.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-3929
-
Barco WePresent file_transfer.cgi Command Injection
Disclosure Date: 2019-04-30First seen: 2020-04-26exploit/linux/http/wepresent_cmd_injectionThis module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint. Authors: - Jacob Baines
CVSS scores for CVE-2019-3929
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-3929
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: vulnreport@tenable.com (Secondary)
References for CVE-2019-3929
-
http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html
Barco WePresent file_transfer.cgi Command Injection ≈ Packet StormThird Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html
Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection ≈ Packet StormThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/46786/
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command InjectionExploit;Third Party Advisory;VDB Entry
-
https://www.tenable.com/security/research/tra-2019-20
OEM Presentation Platform Vulnerabilities - Research Advisory | Tenable®Exploit;Third Party Advisory
Jump to