The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBarco Wepresent Wipg 1000p
HWBarcowszystkie wersjeBarco Wepresent Wipg 1000p Firmware
OSBarco2.3.0.10Barco Wepresent Wipg 1600w
HWBarcowszystkie wersjeBarco Wepresent Wipg 1600w Firmware
OSBarco< 2.4.1.19Blackbox Hd Wireless Presentation System
HWBlackboxwszystkie wersjeBlackbox Hd Wireless Presentation System Firmware
OSBlackbox1.0.0.5Crestron Am 100
HWCrestronwszystkie wersjeCrestron Am 100 Firmware
OSCrestron1.6.0.2Crestron Am 101
HWCrestronwszystkie wersjeCrestron Am 101 Firmware
OSCrestron2.7.0.2Extron Sharelink 200
HWExtronwszystkie wersjeExtron Sharelink 200 Firmware
OSExtron2.0.3.4Extron Sharelink 250
HWExtronwszystkie wersjeExtron Sharelink 250 Firmware
OSExtron2.0.3.4Infocus Liteshow3
HWInfocuswszystkie wersjeInfocus Liteshow3 Firmware
OSInfocus1.0.16Infocus Liteshow4
HWInfocuswszystkie wersjeInfocus Liteshow4 Firmware
OSInfocus2.0.0.7Optoma Wps Pro
HWOptomawszystkie wersjeOptoma Wps Pro Firmware
OSOptoma1.0.0.5Sharp Pn L703wa
HWSharpwszystkie wersjeSharp Pn L703wa Firmware
OSSharp1.4.2.3Teqavit Wips710
HWTeqavitwszystkie wersjeTeqavit Wips710 Firmware
OSTeqavit1.1.0.7
CISA KEV — detailsi
- Vendori
- Crestron
- Producti
- Multiple Products
- Added to KEVi
- April 15, 2022
- Remediation deadline (US Federal)i
- May 6, 2022(overdue)
Apply updates per vendor instructions.
Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Related vulnerabilities
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePres...
Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2....
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by insp...
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5...
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and...