First published: Tue Apr 30 2019(Updated: )
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.
Credit: vulnreport@tenable.com vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Crestron AM-100 firmware | =1.6.0.2 | |
Crestron AM-100 | ||
Crestron AM-101 firmware | =2.7.0.2 | |
Crestron AM-101 | ||
Barco wePresent WiPG-1000P firmware | =2.3.0.10 | |
Barco wePresent WiPG-1000P | ||
Barco wePresent WiPG-1600W firmware | <2.4.1.19 | |
Barco wePresent WiPG-1600W | ||
Extron Sharelink 200 Firmware | =2.0.3.4 | |
Extron ShareLink 200 | ||
Extron Sharelink 250 Firmware | =2.0.3.4 | |
Extron Sharelink 250 | ||
Teqavit Wips710 Firmware | =1.1.0.7 | |
Teqavit Wips710 | ||
SHARP PN-L703WA firmware | =1.4.2.3 | |
SHARP PN-L703WA | ||
Optoma WPS-Pro firmware | =1.0.0.5 | |
Optoma WPS-Pro | ||
Blackbox Hd Wireless Presentation System Firmware | =1.0.0.5 | |
Blackbox Hd Wireless Presentation System | ||
InFocus LiteShow3 firmware | =1.0.16 | |
InFocus LiteShow3 | ||
Infocus Liteshow4 Firmware | =2.0.0.7 | |
InFocus LiteShow4 | ||
All of | ||
Crestron AM-100 firmware | =1.6.0.2 | |
Crestron AM-100 | ||
All of | ||
Crestron AM-101 firmware | =2.7.0.2 | |
Crestron AM-101 | ||
All of | ||
Barco wePresent WiPG-1000P firmware | =2.3.0.10 | |
Barco wePresent WiPG-1000P | ||
All of | ||
Barco wePresent WiPG-1600W firmware | <2.4.1.19 | |
Barco wePresent WiPG-1600W | ||
All of | ||
Extron Sharelink 200 Firmware | =2.0.3.4 | |
Extron ShareLink 200 | ||
All of | ||
Extron Sharelink 250 Firmware | =2.0.3.4 | |
Extron Sharelink 250 | ||
All of | ||
Teqavit Wips710 Firmware | =1.1.0.7 | |
Teqavit Wips710 | ||
All of | ||
SHARP PN-L703WA firmware | =1.4.2.3 | |
SHARP PN-L703WA | ||
All of | ||
Optoma WPS-Pro firmware | =1.0.0.5 | |
Optoma WPS-Pro | ||
All of | ||
Blackbox Hd Wireless Presentation System Firmware | =1.0.0.5 | |
Blackbox Hd Wireless Presentation System | ||
All of | ||
InFocus LiteShow3 firmware | =1.0.16 | |
InFocus LiteShow3 | ||
All of | ||
Infocus Liteshow4 Firmware | =2.0.0.7 | |
InFocus LiteShow4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-3930.
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, and Optoma WPS-Pro firmware 1.0.0.5 are affected by this vulnerability.
The severity of CVE-2019-3930 is 9.8 (Critical).
To fix CVE-2019-3930, apply the latest firmware updates provided by the respective vendors.
You can find more information about this vulnerability at the following reference link: https://www.tenable.com/security/research/tra-2019-20