CVE-2019-3929 Scanner
CVE-2019-3929 scanner - OS Command Injection vulnerability in Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 1 day
Scan only one
URL
Toolbox
-
Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4 are all wireless presentation systems that allow users to share content from their devices on a bigger screen. These devices are widely used in conference rooms, classrooms, and other large meeting spaces to enhance collaboration and productivity. They are designed to simplify the process of sharing content and enable users to present their ideas with ease.
The CVE-2019-3929 vulnerability detected in these devices is a command injection via the file_transfer.cgi HTTP endpoint. This means that an attacker can exploit this vulnerability to execute operating system commands as root, allowing them to gain full control of the device and potentially access sensitive information. This vulnerability can be accessed remotely and does not require authentication, making it a critical threat to the security of these devices.
When exploited, this vulnerability can lead to data theft, unauthorized access to confidential data, and even system downtime. It can also be used to install malware and other malicious software on the device, which can be used to launch further attacks against the user's network. This vulnerability can pose a significant risk to organizations that rely on these devices for their daily operations, making it crucial to take action to protect against it.
Thanks to the pro features of the s4e.io platform, users can quickly and easily identify and address vulnerabilities in their devices. The platform offers in-depth analysis and comprehensive reports on vulnerabilities, making it possible to detect and prevent threats before they can cause damage. By using this platform, users can stay ahead of evolving threats and keep their devices and networks secure.
REFERENCES
- http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html
- http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html
- https://www.exploit-db.com/exploits/46786/
- https://www.tenable.com/security/research/tra-2019-20
