CVE-2020-17502
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameters xmodules, ymodules and savelocking are not properly handled. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards.
Barco TransForm N versiones anteriores a 3.8, permite una Inyección de Comandos (problema 2 de 4). El NDN-210 presenta un panel de administración web que está disponible a través de https. Se presenta un problema de inyección de comandos que permitirá a usuarios autenticados del panel de administración llevar a cabo una ejecución de código remota autenticada. Se presenta un problema en el archivo split_card_cmd.php en el que los parámetros http xmodules, ymodules y savelocking no son manejados apropiadamente. El NDN-210 es parte de la solución de Barco TransForm N e incluye el parche desde TransForm N versión 3.8 en adelante
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-12 CVE Reserved
- 2021-01-08 CVE Published
- 2024-03-11 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.barco.com/en/support/cms | 2021-01-13 | |
| https://www.barco.com/en/support/knowledge-base/kb11589 | 2021-01-13 | |
| https://www.barco.com/en/support/transform-n-management-server | 2021-01-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Barco Search vendor "Barco" | Transform N Search vendor "Barco" for product "Transform N" | < 3.8 Search vendor "Barco" for product "Transform N" and version " < 3.8" | - |
Affected
| in | Barco Search vendor "Barco" | Transform Ndn-210 Lite Search vendor "Barco" for product "Transform Ndn-210 Lite" | - | - |
Safe
|
| Barco Search vendor "Barco" | Transform N Search vendor "Barco" for product "Transform N" | < 3.8 Search vendor "Barco" for product "Transform N" and version " < 3.8" | - |
Affected
| in | Barco Search vendor "Barco" | Transform Ndn-210 Pro Search vendor "Barco" for product "Transform Ndn-210 Pro" | - | - |
Safe
|
| Barco Search vendor "Barco" | Transform N Search vendor "Barco" for product "Transform N" | < 3.8 Search vendor "Barco" for product "Transform N" and version " < 3.8" | - |
Affected
| in | Barco Search vendor "Barco" | Transform Ndn-211 Lite Search vendor "Barco" for product "Transform Ndn-211 Lite" | - | - |
Safe
|
| Barco Search vendor "Barco" | Transform N Search vendor "Barco" for product "Transform N" | < 3.8 Search vendor "Barco" for product "Transform N" and version " < 3.8" | - |
Affected
| in | Barco Search vendor "Barco" | Transform Ndn-211 Pro Search vendor "Barco" for product "Transform Ndn-211 Pro" | - | - |
Safe
|