CVE-2020-17500
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards.
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite y NDN-211 Pro versiones anteriores a 3.8, permiten una Inyección de Comandos (problema 1 de 4). El NDN-210, presenta un panel de administración web que está disponible por medio de https. El método de inicio de sesión es la autenticación básica. Se presenta un problema de inyección de comando que resultará en una ejecución de código remoto no autenticado en los campos username y password del indicador de inicio de sesión. El NDN-210 es parte de la solución Barco TransForm N e incluye el parche de TransForm N versión 3.8 en adelante
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-12 CVE Reserved
- 2021-01-07 CVE Published
- 2024-03-10 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.barco.com/en/support/cms | 2021-01-13 | |
| https://www.barco.com/en/support/knowledge-base/kb11588 | 2021-01-13 | |
| https://www.barco.com/en/support/transform-n-management-server | 2021-01-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Barco Search vendor "Barco" | Transform N Search vendor "Barco" for product "Transform N" | < 3.8 Search vendor "Barco" for product "Transform N" and version " < 3.8" | - |
Affected
| in | Barco Search vendor "Barco" | Transform Ndn-210 Lite Search vendor "Barco" for product "Transform Ndn-210 Lite" | - | - |
Safe
|
| Barco Search vendor "Barco" | Transform N Search vendor "Barco" for product "Transform N" | < 3.8 Search vendor "Barco" for product "Transform N" and version " < 3.8" | - |
Affected
| in | Barco Search vendor "Barco" | Transform Ndn-210 Pro Search vendor "Barco" for product "Transform Ndn-210 Pro" | - | - |
Safe
|
| Barco Search vendor "Barco" | Transform N Search vendor "Barco" for product "Transform N" | < 3.8 Search vendor "Barco" for product "Transform N" and version " < 3.8" | - |
Affected
| in | Barco Search vendor "Barco" | Transform Ndn-211 Lite Search vendor "Barco" for product "Transform Ndn-211 Lite" | - | - |
Safe
|
| Barco Search vendor "Barco" | Transform N Search vendor "Barco" for product "Transform N" | < 3.8 Search vendor "Barco" for product "Transform N" and version " < 3.8" | - |
Affected
| in | Barco Search vendor "Barco" | Transform Ndn-211 Pro Search vendor "Barco" for product "Transform Ndn-211 Pro" | - | - |
Safe
|