CVE-2019-3930 : The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco we

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

Published 2019-04-30 21:29:01

Updated 2020-10-16 18:30:20

Source Tenable Network Security, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute code

Products affected by CVE-2019-3930

Sharp » Pn-l703wa Firmware » Version: 1.4.2.3
cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:*:*:*:*:*:*:*
Matching versions
When used together with: Sharp » Pn-l703wa » Version: N/A
Infocus » Liteshow3 Firmware » Version: 1.0.16
cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:*:*:*:*:*:*:*
Matching versions
When used together with: Infocus » Liteshow3 » Version: N/A
Infocus » Liteshow4 Firmware » Version: 2.0.0.7
cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:*:*:*:*:*:*:*
Matching versions
When used together with: Infocus » Liteshow4 » Version: N/A
Blackbox » Hd Wireless Presentation System Firmware » Version: 1.0.0.5
cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Blackbox » Hd Wireless Presentation System » Version: N/A
Crestron » Am-100 Firmware » Version: 1.6.0.2
cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Crestron » Am-100 » Version: N/A
Crestron » Am-101 Firmware » Version: 2.7.0.2
cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Crestron » Am-101 » Version: N/A
Barco » Wepresent Wipg-1000p Firmware » Version: 2.3.0.10
cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:*:*:*:*:*:*:*
Matching versions
When used together with: Barco » Wepresent Wipg-1000p » Version: N/A
Barco » Wepresent Wipg-1600w Firmware
Versions before (<) 2.4.1.19
cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Barco » Wepresent Wipg-1600w » Version: N/A
Extron » Sharelink 200 Firmware » Version: 2.0.3.4
cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:*:*:*:*:*:*:*
Matching versions
When used together with: Extron » Sharelink 200 » Version: N/A
Extron » Sharelink 250 Firmware » Version: 2.0.3.4
cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:*:*:*:*:*:*:*
Matching versions
When used together with: Extron » Sharelink 250 » Version: N/A
Teqavit » Wips710 Firmware » Version: 1.1.0.7
cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:*:*:*:*:*:*:*
Matching versions
When used together with: Teqavit » Wips710 » Version: N/A
Optoma » Wps-pro Firmware » Version: 1.0.0.5
cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Optoma » Wps-pro » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-3930

EPSS FAQ

15.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-3930

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-3930

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Assigned by: vulnreport@tenable.com (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-3930

https://www.tenable.com/security/research/tra-2019-20

OEM Presentation Platform Vulnerabilities - Research Advisory | Tenable®
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-3930

Products affected by CVE-2019-3930

Exploit prediction scoring system (EPSS) score for CVE-2019-3930

CVSS scores for CVE-2019-3930

CWE ids for CVE-2019-3930

References for CVE-2019-3930