| Summary | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. |
|---|---|
| Publication Date | May 1, 2019, 6:29 a.m. |
| Registration Date | Jan. 26, 2021, 11:42 a.m. |
| Last Update | Nov. 21, 2024, 1:42 p.m. |
| CVSS3.1 : CRITICAL | |
| スコア | 9.8 |
|---|---|
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃に必要な特権レベル(PR) | 不要 |
| 利用者の関与(UI) | 不要 |
| 影響の想定範囲(S) | 変更なし |
| 機密性への影響(C) | 高 |
| 完全性への影響(I) | 高 |
| 可用性への影響(A) | 高 |
| CVSS2.0 : HIGH | |
| Score | 10.0 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃前の認証要否(Au) | 不要 |
| 機密性への影響(C) | 高 |
| 完全性への影響(I) | 高 |
| 可用性への影響(A) | 高 |
| Get all privileges. | いいえ |
| Get user privileges | いいえ |
| Get other privileges | いいえ |
| User operation required | いいえ |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:barco:wepresent_wipg-1000p:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:*:*:*:*:*:*:*:* | 2.4.1.19 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:extron:sharelink_200:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:extron:sharelink_250:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:teqavit:wips710:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:sharp:pn-l703wa:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:optoma:wps-pro:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:blackbox:hd_wireless_presentation_system:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:infocus:liteshow3:-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:infocus:liteshow4:-:*:*:*:*:*:*:* | ||||
| Title | Crestron AM-100 ファームウェアなどの製品におけるコマンドインジェクションの脆弱性 |
|---|---|
| Summary | Crestron AM-100 ファームウェアなどの製品には、コマンドインジェクションの脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date | April 30, 2019, midnight |
| Registration Date | May 27, 2019, 2:08 p.m. |
| Last Update | May 27, 2019, 2:08 p.m. |
| シャープ株式会社 |
| PN-L703WA ファームウェア 1.4.2.3 |
| InFocus Corporation |
| LiteShow3 ファームウェア 1.0.16 |
| LiteShow4 ファームウェア 2.0.0.7 |
| Black Box Network Services. |
| HD Wireless Presentation System ファームウェア 1.0.0.5 |
| Crestron Electronics, Inc. |
| AirMedia AM-100 ファームウェア 1.6.0.2 |
| AirMedia AM-101 ファームウェア 2.7.0.1 |
| Barco |
| wePresent WiPG-1000P ファームウェア 2.3.0.10 |
| wePresent WiPG-1600W ファームウェア 2.4.1.19 未満 |
| Extron |
| Extron ShareLink 200 ファームウェア 2.0.3.4 |
| Extron ShareLink 250 ファームウェア 2.0.3.4 |
| Teq AVIT |
| WiPS710 ファームウェア 1.1.0.7 |
| Optoma |
| WPS-Pro ファームウェア 1.0.0.5 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2019年05月27日] 掲載 |
May 27, 2019, 2:08 p.m. |