CVSS: 10.0EPSS: 15%CPEs: 24EXPL: 1CVE-2019-3930
https://notcve.org/view.php?id=CVE-2019-3930
30 Apr 2019 — The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, una... • https://www.tenable.com/security/research/tra-2019-20 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 94%CPEs: 24EXPL: 6CVE-2019-3929 – Crestron Multiple Products Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-3929
30 Apr 2019 — The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthent... • https://packetstorm.news/files/id/155948 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14972
https://notcve.org/view.php?id=CVE-2017-14972
09 Oct 2017 — InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. InFocus Mondopad 2.2.08 es vulnerable a una omisión de autenticación cuando se accede a archivos subidos por medio del atajo Control+Alt+Supr y utilizando entonces el Gestor de tareas para seleccionar un archivo. • https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20%3C%202.2.08%20-%20CVE-2017-14972 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 4CVE-2014-8383 – InFocus IN3128HD Projector Missing Authentication
https://notcve.org/view.php?id=CVE-2014-8383
28 Apr 2015 — The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. El proyector InFocus IN3128HD con firmware 0.26 permite a atacantes remotos evadir la autenticación a través de una solicitud directa en main.html. Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several... • https://packetstorm.news/files/id/131661 •
CVSS: 9.4EPSS: 1%CPEs: 2EXPL: 4CVE-2014-8384 – InFocus IN3128HD Projector Missing Authentication
https://notcve.org/view.php?id=CVE-2014-8384
28 Apr 2015 — The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request. El proyector InFocus IN3128HD con firmware 0.26 no restringe el acceso a cgi-bin/webctrl.cgi.elf, lo que permite a atacantes remotos modificar la configuración del servidor DHCP y del IP del dispositivo, cambiar el nombre de... • https://packetstorm.news/files/id/131661 •