CVE-2020-17503: Command Injection
First published: Fri Jan 08 2021(Updated: )
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter "locking" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Barco TransForm N | <3.8 | |
| Barco TransForm NDN-210 Lite | ||
| Barco Transform Ndn-210 Pro | ||
| Barco Transform Ndn-211 Lite | ||
| Barco Transform Ndn-211 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-17503?
CVE-2020-17503 is a command injection vulnerability in the Barco TransForm NDN-210 web administration panel.
How severe is CVE-2020-17503?
CVE-2020-17503 has a severity rating of 7.2 (high).
Which software is affected by CVE-2020-17503?
The Barco TransForm NDN-210 with a version up to and exclusive of 3.8 is affected by CVE-2020-17503.
How can the vulnerability be fixed?
To fix CVE-2020-17503, it is recommended to update the Barco TransForm NDN-210 to a version that is beyond 3.8.
Where can I find more information about CVE-2020-17503?
You can find more information about CVE-2020-17503 on the Barco support website: [https://www.barco.com/en/support/cms](https://www.barco.com/en/support/cms) and [https://www.barco.com/en/support/knowledge-base/kb11589](https://www.barco.com/en/support/knowledge-base/kb11589).