CVE-2021-35482
https://notcve.org/view.php?id=CVE-2021-35482
An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation system. Se ha detectado un problema en Barco MirrorOp Windows Sender versiones anteriores a 2.5.4.70. Un atacante en la red local es capaz de lograr una Ejecución de Código Remota (con privilegios del usuario local) en cualquier dispositivo que intente conectarse a un sistema de presentación WePresent • https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=4&buildVersion=70 •
CVE-2020-17504
https://notcve.org/view.php?id=CVE-2020-17504
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. El NDN-210 presenta un panel de administración web que está disponible por medio de https. • https://www.barco.com/en/support/cms https://www.barco.com/en/support/knowledge-base/kb11589 https://www.barco.com/en/support/transform-n-management-server • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2020-17503
https://notcve.org/view.php?id=CVE-2020-17503
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter "locking" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. El NDN-210 presenta un panel de administración web que está disponible a través de https. • https://www.barco.com/en/support/cms https://www.barco.com/en/support/knowledge-base/kb11589 https://www.barco.com/en/support/transform-n-management-server • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2020-17502
https://notcve.org/view.php?id=CVE-2020-17502
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameters xmodules, ymodules and savelocking are not properly handled. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. • https://www.barco.com/en/support/cms https://www.barco.com/en/support/knowledge-base/kb11589 https://www.barco.com/en/support/transform-n-management-server • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2020-17500
https://notcve.org/view.php?id=CVE-2020-17500
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. • https://www.barco.com/en/support/cms https://www.barco.com/en/support/knowledge-base/kb11588 https://www.barco.com/en/support/transform-n-management-server • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •