CVE-2019-3929
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Affected Platforms (CPE)
π»
Crestron
Am 100 Firmware
= 1.6.0.2π»
Crestron
Am 101 Firmware
= 2.7.0.2π»
Barco
Wepresent Wipg 1000p Firmware
= 2.3.0.10π»
Barco
Wepresent Wipg 1600w Firmware
< 2.4.1.19π»
Extron
Sharelink 200 Firmware
= 2.0.3.4π»
Extron
Sharelink 250 Firmware
= 2.0.3.4π»
Teqavit
Wips710 Firmware
= 1.1.0.7π»
Sharp
Pn L703wa Firmware
= 1.4.2.3π»
Optoma
Wps Pro Firmware
= 1.0.0.5π»
Blackbox
Hd Wireless Presentation System Firmware
= 1.0.0.5π»
Infocus
Liteshow3 Firmware
= 1.0.16π»
Infocus