CVE-2019-3929

Crestron Multiple Products Command Injection Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

El firmware Crestron AM-100 versión 1.6.0.2, el firmware Crestron AM-101 versión 2.7.0.1, Barco wePresent WiPG-1000P firmware versión 2.3.0.10, Barco wePresent WiPG-1600W antes del firmware versión 2.4.1.19, Extron ShareLink 200/250 firmware versión 2.0.3.4, Teq AV IT WIPS710 firmware versión 1.1.0.7, SHARP PN-L703WA firmware versión 1.4.2.3, Optoma WPS-Pro firmware versión 1.0.0.5, Blackbox HD WPS firmware versión 1.0.0.5, InFocus LiteShow3 firmware versión 1.0.16 e InFocus LiteShow4 versión 2.0.0.7 son vulnerables para ordenar la inyección por medio del endpoint HTTP file_transfer.cgi. Un atacante remoto no identificado puede usar esta vulnerabilidad para ejecutar comandos del sistema operativo como root.

Barco/AWIND OEM presentation platform suffers from an unauthenticated command injection vulnerability. Products affected include Crestron AM-100 1.6.0.2, Crestron AM-101 2.7.0.1, Barco wePresent WiPG-1000P 2.3.0.10, Barco wePresent WiPG-1600W before 2.4.1.19, Extron ShareLink 200/250 2.0.3.4, Teq AV IT WIPS710 1.1.0.7, InFocus LiteShow3 1.0.16, InFocus LiteShow4 2.0.0.7, Optoma WPS-Pro 1.0.0.5, Blackbox HD WPS 1.0.0.5, and SHARP PN-L703WA 1.4.2.3.

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-03 CVE Reserved
2019-04-30 CVE Published
2019-11-25 First Exploit
2022-04-15 Exploited in Wild
2022-05-06 KEV Due Date
2024-08-04 CVE Updated
2024-10-11 EPSS Updated

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (7)

URL	Tag	Source
http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html	Third Party Advisory
http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html	Third Party Advisory
https://medium.com/tenable-techblog/eight-devices-one-exploit-f5fc28c70a7c

URL	Date	SRC
https://www.exploit-db.com/exploits/46786	2024-08-04
https://www.exploit-db.com/exploits/47924	2020-01-15
https://github.com/xfox64x/CVE-2019-3929	2019-11-25
https://www.tenable.com/security/research/tra-2019-20	2024-08-04

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Crestron Search vendor "Crestron"	Am-100 Firmware Search vendor "Crestron" for product "Am-100 Firmware"	1.6.0.2 Search vendor "Crestron" for product "Am-100 Firmware" and version "1.6.0.2"	-	Affected	in	Crestron Search vendor "Crestron"	Am-100 Search vendor "Crestron" for product "Am-100"	-	-	Safe
Crestron Search vendor "Crestron"	Am-101 Firmware Search vendor "Crestron" for product "Am-101 Firmware"	2.7.0.2 Search vendor "Crestron" for product "Am-101 Firmware" and version "2.7.0.2"	-	Affected	in	Crestron Search vendor "Crestron"	Am-101 Search vendor "Crestron" for product "Am-101"	-	-	Safe
Barco Search vendor "Barco"	Wepresent Wipg-1000p Firmware Search vendor "Barco" for product "Wepresent Wipg-1000p Firmware"	2.3.0.10 Search vendor "Barco" for product "Wepresent Wipg-1000p Firmware" and version "2.3.0.10"	-	Affected	in	Barco Search vendor "Barco"	Wepresent Wipg-1000p Search vendor "Barco" for product "Wepresent Wipg-1000p"	-	-	Safe
Barco Search vendor "Barco"	Wepresent Wipg-1600w Firmware Search vendor "Barco" for product "Wepresent Wipg-1600w Firmware"	< 2.4.1.19 Search vendor "Barco" for product "Wepresent Wipg-1600w Firmware" and version " < 2.4.1.19"	-	Affected	in	Barco Search vendor "Barco"	Wepresent Wipg-1600w Search vendor "Barco" for product "Wepresent Wipg-1600w"	-	-	Safe
Extron Search vendor "Extron"	Sharelink 200 Firmware Search vendor "Extron" for product "Sharelink 200 Firmware"	2.0.3.4 Search vendor "Extron" for product "Sharelink 200 Firmware" and version "2.0.3.4"	-	Affected	in	Extron Search vendor "Extron"	Sharelink 200 Search vendor "Extron" for product "Sharelink 200"	-	-	Safe
Extron Search vendor "Extron"	Sharelink 250 Firmware Search vendor "Extron" for product "Sharelink 250 Firmware"	2.0.3.4 Search vendor "Extron" for product "Sharelink 250 Firmware" and version "2.0.3.4"	-	Affected	in	Extron Search vendor "Extron"	Sharelink 250 Search vendor "Extron" for product "Sharelink 250"	-	-	Safe
Teqavit Search vendor "Teqavit"	Wips710 Firmware Search vendor "Teqavit" for product "Wips710 Firmware"	1.1.0.7 Search vendor "Teqavit" for product "Wips710 Firmware" and version "1.1.0.7"	-	Affected	in	Teqavit Search vendor "Teqavit"	Wips710 Search vendor "Teqavit" for product "Wips710"	-	-	Safe
Sharp Search vendor "Sharp"	Pn-l703wa Firmware Search vendor "Sharp" for product "Pn-l703wa Firmware"	1.4.2.3 Search vendor "Sharp" for product "Pn-l703wa Firmware" and version "1.4.2.3"	-	Affected	in	Sharp Search vendor "Sharp"	Pn-l703wa Search vendor "Sharp" for product "Pn-l703wa"	-	-	Safe
Optoma Search vendor "Optoma"	Wps-pro Firmware Search vendor "Optoma" for product "Wps-pro Firmware"	1.0.0.5 Search vendor "Optoma" for product "Wps-pro Firmware" and version "1.0.0.5"	-	Affected	in	Optoma Search vendor "Optoma"	Wps-pro Search vendor "Optoma" for product "Wps-pro"	-	-	Safe
Blackbox Search vendor "Blackbox"	Hd Wireless Presentation System Firmware Search vendor "Blackbox" for product "Hd Wireless Presentation System Firmware"	1.0.0.5 Search vendor "Blackbox" for product "Hd Wireless Presentation System Firmware" and version "1.0.0.5"	-	Affected	in	Blackbox Search vendor "Blackbox"	Hd Wireless Presentation System Search vendor "Blackbox" for product "Hd Wireless Presentation System"	-	-	Safe
Infocus Search vendor "Infocus"	Liteshow3 Firmware Search vendor "Infocus" for product "Liteshow3 Firmware"	1.0.16 Search vendor "Infocus" for product "Liteshow3 Firmware" and version "1.0.16"	-	Affected	in	Infocus Search vendor "Infocus"	Liteshow3 Search vendor "Infocus" for product "Liteshow3"	-	-	Safe
Infocus Search vendor "Infocus"	Liteshow4 Firmware Search vendor "Infocus" for product "Liteshow4 Firmware"	2.0.0.7 Search vendor "Infocus" for product "Liteshow4 Firmware" and version "2.0.0.7"	-	Affected	in	Infocus Search vendor "Infocus"	Liteshow4 Search vendor "Infocus" for product "Liteshow4"	-	-	Safe