CVE-2019-3930

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

El firmware Crestron AM-100 versión 1.6.0.2, el firmware Crestron AM-101 versión 2.7.0.1, Barco wePresent WiPG-1000P firmware versión 2.3.0.10, Barco wePresent WiPG-1600W antes del firmware versión 2.4.1.19, Extron ShareLink 200/250 firmware versión 2.0.3.4, Teq AV IT WIPS710 firmware versión 1.1.0.7, SHARP PN-L703WA firmware versión 1.4.2.3, Optoma WPS-Pro firmware versión 1.0.0.5, Blackbox HD WPS firmware versión 1.0.0.5, InFocus LiteShow3 firmware versión 1.0.16 e InFocus LiteShow4 versión 2.0.0.7 son vulnerables a un desbordamiento de búfer de pila en la función PARSERtoCHAR de libAwgCgi.so. Un atacante remoto no autenticado puede usar esta vulnerabilidad para ejecutar código arbitrario como root por medio de una petición creada para el endpoint return.cgi.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-03 CVE Reserved
2019-04-30 CVE Published
2023-08-09 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://www.tenable.com/security/research/tra-2019-20	2024-08-04

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Crestron Search vendor "Crestron"	Am-100 Firmware Search vendor "Crestron" for product "Am-100 Firmware"	1.6.0.2 Search vendor "Crestron" for product "Am-100 Firmware" and version "1.6.0.2"	-	Affected	in	Crestron Search vendor "Crestron"	Am-100 Search vendor "Crestron" for product "Am-100"	-	-	Safe
Crestron Search vendor "Crestron"	Am-101 Firmware Search vendor "Crestron" for product "Am-101 Firmware"	2.7.0.2 Search vendor "Crestron" for product "Am-101 Firmware" and version "2.7.0.2"	-	Affected	in	Crestron Search vendor "Crestron"	Am-101 Search vendor "Crestron" for product "Am-101"	-	-	Safe
Barco Search vendor "Barco"	Wepresent Wipg-1000p Firmware Search vendor "Barco" for product "Wepresent Wipg-1000p Firmware"	2.3.0.10 Search vendor "Barco" for product "Wepresent Wipg-1000p Firmware" and version "2.3.0.10"	-	Affected	in	Barco Search vendor "Barco"	Wepresent Wipg-1000p Search vendor "Barco" for product "Wepresent Wipg-1000p"	-	-	Safe
Barco Search vendor "Barco"	Wepresent Wipg-1600w Firmware Search vendor "Barco" for product "Wepresent Wipg-1600w Firmware"	< 2.4.1.19 Search vendor "Barco" for product "Wepresent Wipg-1600w Firmware" and version " < 2.4.1.19"	-	Affected	in	Barco Search vendor "Barco"	Wepresent Wipg-1600w Search vendor "Barco" for product "Wepresent Wipg-1600w"	-	-	Safe
Extron Search vendor "Extron"	Sharelink 200 Firmware Search vendor "Extron" for product "Sharelink 200 Firmware"	2.0.3.4 Search vendor "Extron" for product "Sharelink 200 Firmware" and version "2.0.3.4"	-	Affected	in	Extron Search vendor "Extron"	Sharelink 200 Search vendor "Extron" for product "Sharelink 200"	-	-	Safe
Extron Search vendor "Extron"	Sharelink 250 Firmware Search vendor "Extron" for product "Sharelink 250 Firmware"	2.0.3.4 Search vendor "Extron" for product "Sharelink 250 Firmware" and version "2.0.3.4"	-	Affected	in	Extron Search vendor "Extron"	Sharelink 250 Search vendor "Extron" for product "Sharelink 250"	-	-	Safe
Teqavit Search vendor "Teqavit"	Wips710 Firmware Search vendor "Teqavit" for product "Wips710 Firmware"	1.1.0.7 Search vendor "Teqavit" for product "Wips710 Firmware" and version "1.1.0.7"	-	Affected	in	Teqavit Search vendor "Teqavit"	Wips710 Search vendor "Teqavit" for product "Wips710"	-	-	Safe
Sharp Search vendor "Sharp"	Pn-l703wa Firmware Search vendor "Sharp" for product "Pn-l703wa Firmware"	1.4.2.3 Search vendor "Sharp" for product "Pn-l703wa Firmware" and version "1.4.2.3"	-	Affected	in	Sharp Search vendor "Sharp"	Pn-l703wa Search vendor "Sharp" for product "Pn-l703wa"	-	-	Safe
Optoma Search vendor "Optoma"	Wps-pro Firmware Search vendor "Optoma" for product "Wps-pro Firmware"	1.0.0.5 Search vendor "Optoma" for product "Wps-pro Firmware" and version "1.0.0.5"	-	Affected	in	Optoma Search vendor "Optoma"	Wps-pro Search vendor "Optoma" for product "Wps-pro"	-	-	Safe
Blackbox Search vendor "Blackbox"	Hd Wireless Presentation System Firmware Search vendor "Blackbox" for product "Hd Wireless Presentation System Firmware"	1.0.0.5 Search vendor "Blackbox" for product "Hd Wireless Presentation System Firmware" and version "1.0.0.5"	-	Affected	in	Blackbox Search vendor "Blackbox"	Hd Wireless Presentation System Search vendor "Blackbox" for product "Hd Wireless Presentation System"	-	-	Safe
Infocus Search vendor "Infocus"	Liteshow3 Firmware Search vendor "Infocus" for product "Liteshow3 Firmware"	1.0.16 Search vendor "Infocus" for product "Liteshow3 Firmware" and version "1.0.16"	-	Affected	in	Infocus Search vendor "Infocus"	Liteshow3 Search vendor "Infocus" for product "Liteshow3"	-	-	Safe
Infocus Search vendor "Infocus"	Liteshow4 Firmware Search vendor "Infocus" for product "Liteshow4 Firmware"	2.0.0.7 Search vendor "Infocus" for product "Liteshow4 Firmware" and version "2.0.0.7"	-	Affected	in	Infocus Search vendor "Infocus"	Liteshow4 Search vendor "Infocus" for product "Liteshow4"	-	-	Safe