CWE
787 121 119
Advisory Published
Updated

CVE-2019-3930: Buffer Overflow

First published: Tue Apr 30 2019(Updated: )

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

Credit: vulnreport@tenable.com vulnreport@tenable.com

Affected SoftwareAffected VersionHow to fix
Crestron AM-100 firmware=1.6.0.2
Crestron AM-100
Crestron AM-101 firmware=2.7.0.2
Crestron AM-101
Barco wePresent WiPG-1000P firmware=2.3.0.10
Barco wePresent WiPG-1000P
Barco wePresent WiPG-1600W firmware<2.4.1.19
Barco wePresent WiPG-1600W
Extron Sharelink 200 Firmware=2.0.3.4
Extron ShareLink 200
Extron Sharelink 250 Firmware=2.0.3.4
Extron Sharelink 250
Teqavit Wips710 Firmware=1.1.0.7
Teqavit Wips710
SHARP PN-L703WA firmware=1.4.2.3
SHARP PN-L703WA
Optoma WPS-Pro firmware=1.0.0.5
Optoma WPS-Pro
Blackbox Hd Wireless Presentation System Firmware=1.0.0.5
Blackbox Hd Wireless Presentation System
InFocus LiteShow3 firmware=1.0.16
InFocus LiteShow3
Infocus Liteshow4 Firmware=2.0.0.7
InFocus LiteShow4
All of
Crestron AM-100 firmware=1.6.0.2
Crestron AM-100
All of
Crestron AM-101 firmware=2.7.0.2
Crestron AM-101
All of
Barco wePresent WiPG-1000P firmware=2.3.0.10
Barco wePresent WiPG-1000P
All of
Barco wePresent WiPG-1600W firmware<2.4.1.19
Barco wePresent WiPG-1600W
All of
Extron Sharelink 200 Firmware=2.0.3.4
Extron ShareLink 200
All of
Extron Sharelink 250 Firmware=2.0.3.4
Extron Sharelink 250
All of
Teqavit Wips710 Firmware=1.1.0.7
Teqavit Wips710
All of
SHARP PN-L703WA firmware=1.4.2.3
SHARP PN-L703WA
All of
Optoma WPS-Pro firmware=1.0.0.5
Optoma WPS-Pro
All of
Blackbox Hd Wireless Presentation System Firmware=1.0.0.5
Blackbox Hd Wireless Presentation System
All of
InFocus LiteShow3 firmware=1.0.16
InFocus LiteShow3
All of
Infocus Liteshow4 Firmware=2.0.0.7
InFocus LiteShow4

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2019-3930.

  • Which devices are affected by this vulnerability?

    The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, and Optoma WPS-Pro firmware 1.0.0.5 are affected by this vulnerability.

  • What is the severity of CVE-2019-3930?

    The severity of CVE-2019-3930 is 9.8 (Critical).

  • How can I fix CVE-2019-3930?

    To fix CVE-2019-3930, apply the latest firmware updates provided by the respective vendors.

  • Where can I find more information about this vulnerability?

    You can find more information about this vulnerability at the following reference link: https://www.tenable.com/security/research/tra-2019-20

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203