CVE-2019-3930

Summary

CVE	CVE-2019-3930
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-04-30 21:29:00 UTC
Updated	2020-10-16 18:30:00 UTC
Description	The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Barco	Wepresent Wipg-1000p	-	All	All	All
Hardware	Barco	Wepresent Wipg-1000p	-	All	All	All
Operating System	Barco	Wepresent Wipg-1000p Firmware	2.3.0.10	All	All	All
Operating System	Barco	Wepresent Wipg-1000p Firmware	2.3.0.10	All	All	All
Hardware	Barco	Wepresent Wipg-1600w	-	All	All	All
Hardware	Barco	Wepresent Wipg-1600w	-	All	All	All
Operating System	Barco	Wepresent Wipg-1600w Firmware	All	All	All	All
Operating System	Barco	Wepresent Wipg-1600w Firmware	All	All	All	All
Hardware	Blackbox	Hd Wireless Presentation System	-	All	All	All
Hardware	Blackbox	Hd Wireless Presentation System	-	All	All	All
Operating System	Blackbox	Hd Wireless Presentation System Firmware	1.0.0.5	All	All	All
Operating System	Blackbox	Hd Wireless Presentation System Firmware	1.0.0.5	All	All	All
Hardware	Crestron	Am-100	-	All	All	All
Hardware	Crestron	Am-100	-	All	All	All
Operating System	Crestron	Am-100 Firmware	1.6.0.2	All	All	All
Operating System	Crestron	Am-100 Firmware	1.6.0.2	All	All	All
Hardware	Crestron	Am-101	-	All	All	All
Hardware	Crestron	Am-101	-	All	All	All
Operating System	Crestron	Am-101 Firmware	2.7.0.2	All	All	All
Operating System	Crestron	Am-101 Firmware	2.7.0.2	All	All	All
Hardware	Extron	Sharelink 200	-	All	All	All
Hardware	Extron	Sharelink 200	-	All	All	All
Operating System	Extron	Sharelink 200 Firmware	2.0.3.4	All	All	All
Operating System	Extron	Sharelink 200 Firmware	2.0.3.4	All	All	All
Hardware	Extron	Sharelink 250	-	All	All	All
Hardware	Extron	Sharelink 250	-	All	All	All
Operating System	Extron	Sharelink 250 Firmware	2.0.3.4	All	All	All
Operating System	Extron	Sharelink 250 Firmware	2.0.3.4	All	All	All
Hardware	Infocus	Liteshow3	-	All	All	All
Hardware	Infocus	Liteshow3	-	All	All	All
Operating System	Infocus	Liteshow3 Firmware	1.0.16	All	All	All
Operating System	Infocus	Liteshow3 Firmware	1.0.16	All	All	All
Hardware	Infocus	Liteshow4	-	All	All	All
Hardware	Infocus	Liteshow4	-	All	All	All
Operating System	Infocus	Liteshow4 Firmware	2.0.0.7	All	All	All
Operating System	Infocus	Liteshow4 Firmware	2.0.0.7	All	All	All
Hardware	Optoma	Wps-pro	-	All	All	All
Hardware	Optoma	Wps-pro	-	All	All	All
Operating System	Optoma	Wps-pro Firmware	1.0.0.5	All	All	All
Operating System	Optoma	Wps-pro Firmware	1.0.0.5	All	All	All
Hardware	Sharp	Pn-l703wa	-	All	All	All
Hardware	Sharp	Pn-l703wa	-	All	All	All
Operating System	Sharp	Pn-l703wa Firmware	1.4.2.3	All	All	All
Operating System	Sharp	Pn-l703wa Firmware	1.4.2.3	All	All	All
Hardware	Teqavit	Wips710	-	All	All	All
Hardware	Teqavit	Wips710	-	All	All	All
Operating System	Teqavit	Wips710 Firmware	1.1.0.7	All	All	All
Operating System	Teqavit	Wips710 Firmware	1.1.0.7	All	All	All

References

Reference	Source	Link	Tags
OEM Presentation Platform Vulnerabilities - Research Advisory \| Tenable®	MISC	www.tenable.com	Exploit, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.