CVE-2019-3930

Published: Apr 30, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

Vendor	Product	Versions
Crestron	Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4.	affected `Crestron AM-100 firmware 1.6.0.2` affected `Crestron AM-101 firmware 2.7.0.1` affected `Barco wePresent WiPG-1000P firmware 2.3.0.10` affected `Barco wePresent WiPG-1600W before firmware 2.4.1.19` affected `Extron ShareLink 200/250 firmware 2.0.3.4` +6 more versions

Weaknesses (CWE)

CWE-121

References

https://www.tenable.com/security/research/tra-2019-20

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-3930

Description

Affected Products

Weaknesses (CWE)

References