CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2020-17504
https://notcve.org/view.php?id=CVE-2020-17504
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. El NDN-210 presenta un panel de administración web que está disponible por medio de https. • https://www.barco.com/en/support/cms https://www.barco.com/en/support/knowledge-base/kb11589 https://www.barco.com/en/support/transform-n-management-server • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2020-17503
https://notcve.org/view.php?id=CVE-2020-17503
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter "locking" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. El NDN-210 presenta un panel de administración web que está disponible a través de https. • https://www.barco.com/en/support/cms https://www.barco.com/en/support/knowledge-base/kb11589 https://www.barco.com/en/support/transform-n-management-server • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2020-17502
https://notcve.org/view.php?id=CVE-2020-17502
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameters xmodules, ymodules and savelocking are not properly handled. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. • https://www.barco.com/en/support/cms https://www.barco.com/en/support/knowledge-base/kb11589 https://www.barco.com/en/support/transform-n-management-server • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2020-17500
https://notcve.org/view.php?id=CVE-2020-17500
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. • https://www.barco.com/en/support/cms https://www.barco.com/en/support/knowledge-base/kb11588 https://www.barco.com/en/support/transform-n-management-server • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •