
CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host does not properly validate the whole certificate chain. • https://www.barco.com/en/clickshare/firmware-update • CWE-295: Improper Certificate Validation

CVSS: 10.0 • EPSS: 15% • CPEs: 24 • EXPL: 1

30 Apr 2019 — The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, una... • https://www.tenable.com/security/research/tra-2019-20 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 94% • CPEs: 24 • EXPL: 6

30 Apr 2019 — The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthent... • https://packetstorm.news/files/id/155948 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Jul 2018 — An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit. • https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003 • CWE-20: Improper Input Validation

CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

30 Oct 2017 — An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output. • https://www.barco.com/en/Support/software/R33050037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 6% • CPEs: 4 • EXPL: 0

30 Oct 2017 — A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device. • http://www.securityfocus.com/bid/101617 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 14% • CPEs: 4 • EXPL: 0

14 Nov 2016 — Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors. Barco ClickShare suffers from remote code execution, cross site scripting, path traversal, and file disclosure vulnerabi... • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Nov 2016 — Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 2% • CPEs: 6 • EXPL: 0

14 Nov 2016 — Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Nov 2016 — Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. Barco ClickShare suffers from remote code execution, cross site scripting, path traversal, and file disclosure vulnerabilities. • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor