CVE-2020-17504: Command Injection
First published: Fri Jan 08 2021(Updated: )
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Barco TransForm N | <3.8 | |
| Barco TransForm NDN-210 Lite | ||
| Barco Transform Ndn-210 Pro | ||
| Barco Transform Ndn-211 Lite | ||
| Barco Transform Ndn-211 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-17504?
CVE-2020-17504 is a vulnerability in the Barco TransForm N and NDN-210 series devices that allows authenticated users to execute remote code.
How severe is CVE-2020-17504?
CVE-2020-17504 has a severity score of 7.2, which is considered high.
What software is affected by CVE-2020-17504?
Barco TransForm N version up to 3.8 and NDN-210 series devices are affected by CVE-2020-17504.
How can I fix CVE-2020-17504?
To fix CVE-2020-17504, it is recommended to update the affected software to the latest version and apply any patches provided by Barco.
Where can I find more information about CVE-2020-17504?
More information about CVE-2020-17504 can be found on the Barco support website.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/event
- vendor/barco
- canonical/barco transform n
- canonical/barco transform ndn-210 lite
- canonical/barco transform ndn-210 pro
- canonical/barco transform ndn-211 lite
- canonical/barco transform ndn-211 pro