CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2019-3929

CVSS 9.8v3.1pub. 2019-04-30upd. 2025-11-03

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Barco Wepresent Wipg 1000p

    HW
    Barco
    wszystkie wersje
  • Barco Wepresent Wipg 1000p Firmware

    OS
    Barco
    2.3.0.10
  • Barco Wepresent Wipg 1600w

    HW
    Barco
    wszystkie wersje
  • Barco Wepresent Wipg 1600w Firmware

    OS
    Barco
    < 2.4.1.19
  • Blackbox Hd Wireless Presentation System

    HW
    Blackbox
    wszystkie wersje
  • Blackbox Hd Wireless Presentation System Firmware

    OS
    Blackbox
    1.0.0.5
  • Crestron Am 100

    HW
    Crestron
    wszystkie wersje
  • Crestron Am 100 Firmware

    OS
    Crestron
    1.6.0.2
  • Crestron Am 101

    HW
    Crestron
    wszystkie wersje
  • Crestron Am 101 Firmware

    OS
    Crestron
    2.7.0.2
  • Extron Sharelink 200

    HW
    Extron
    wszystkie wersje
  • Extron Sharelink 200 Firmware

    OS
    Extron
    2.0.3.4
  • Extron Sharelink 250

    HW
    Extron
    wszystkie wersje
  • Extron Sharelink 250 Firmware

    OS
    Extron
    2.0.3.4
  • Infocus Liteshow3

    HW
    Infocus
    wszystkie wersje
  • Infocus Liteshow3 Firmware

    OS
    Infocus
    1.0.16
  • Infocus Liteshow4

    HW
    Infocus
    wszystkie wersje
  • Infocus Liteshow4 Firmware

    OS
    Infocus
    2.0.0.7
  • Optoma Wps Pro

    HW
    Optoma
    wszystkie wersje
  • Optoma Wps Pro Firmware

    OS
    Optoma
    1.0.0.5
  • Sharp Pn L703wa

    HW
    Sharp
    wszystkie wersje
  • Sharp Pn L703wa Firmware

    OS
    Sharp
    1.4.2.3
  • Teqavit Wips710

    HW
    Teqavit
    wszystkie wersje
  • Teqavit Wips710 Firmware

    OS
    Teqavit
    1.1.0.7

CISA KEV — detailsi

Vendori
Crestron
Producti
Multiple Products
Added to KEVi
April 15, 2022
Remediation deadline (US Federal)i
May 6, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 6 maja 2022
Tags
Auth BypassXSSCommand Injection
CWE
References

Related vulnerabilities

CVE-2020-28333CRITICAL9.8ten sam produkt

Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePres...

CVE-2020-28334CRITICAL9.8ten sam produkt

Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2....

CVE-2020-28329CRITICAL9.8ten sam produkt

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by insp...

CVE-2020-28332CRITICAL9.8ten sam produkt

Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5...

CVE-2019-3927CRITICAL9.8ten sam produkt

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and...