VDB-134277 · CVE-2019-3929 · Qualys 13484

Crestron AM-100/AM-101 HTTP Endpoint file_transfer.cgi System Command command injection


A vulnerability was found in Crestron AM-100 and AM-101. It has been classified as very critical. This affects an unknown part of the file file_transfer.cgi of the component HTTP Endpoint. It is possible to mitigate the weakness by firewalling.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 8931192 | 06/05/2020 | VulD... | url | https://www.exploit-db.com/exploits/46786/ | exploit-db.com | 06/05/2020 | accepted | 100 |
| 8931154 | 06/05/2020 | VulD... | discoverydate | 1556668800 | | 06/05/2020 | accepted | 100 |
| 8931208 | 05/01/2019 | VulD... | cvss3_nvd_basescore | 9.8 | nist.gov | 05/01/2019 | accepted | 90 |
| 8931207 | 05/01/2019 | VulD... | cvss3_vuldb_rc | C | | 05/01/2019 | accepted | 90 |
| 8931206 | 05/01/2019 | VulD... | cvss3_vuldb_rl | W | | 05/01/2019 | accepted | 90 |
| 8931205 | 05/01/2019 | VulD... | cvss3_vuldb_e | X | | 05/01/2019 | accepted | 90 |
| 8931204 | 05/01/2019 | VulD... | cvss2_vuldb_rc | C | | 05/01/2019 | accepted | 90 |
| 8931203 | 05/01/2019 | VulD... | cvss2_vuldb_rl | W | | 05/01/2019 | accepted | 90 |
| 8931202 | 05/01/2019 | VulD... | cvss2_vuldb_e | ND | | 05/01/2019 | accepted | 90 |
| 8931201 | 05/01/2019 | VulD... | location | Website | | 05/01/2019 | accepted | 90 |
| 8931200 | 05/01/2019 | VulD... | seealso | 134273 134274 134275 134276 134278 134279 134280 134281 134282 134283 134284 134285 134286 | | 05/01/2019 | accepted | 100 |
| 8931199 | 05/01/2019 | VulD... | qualys_title | Crestron AM-100 and AM-101 Multiple Vulnerabilities | qualys.com | 05/01/2019 | accepted | 100 |
| 8931198 | 05/01/2019 | VulD... | qualys_id | 13484 | qualys.com | 05/01/2019 | accepted | 100 |
| 8931197 | 05/01/2019 | VulD... | cve_nvd_summary | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | mitre.org | 05/01/2019 | accepted | 100 |
| 8931196 | 05/01/2019 | VulD... | cve_assigned | 1546473600 | mitre.org | 05/01/2019 | accepted | 100 |
| 8931195 | 05/01/2019 | VulD... | cve | CVE-2019-3929 | mitre.org | 05/01/2019 | accepted | 100 |
| 8931194 | 05/01/2019 | VulD... | name | Firewall | | 05/01/2019 | accepted | 100 |
| 8931193 | 05/01/2019 | VulD... | price_0day | $0-$5k | see documentation | 05/01/2019 | accepted | 100 |
| 8931191 | 05/01/2019 | VulD... | date | 1556582400 (04/30/2019) | | 05/01/2019 | accepted | 100 |
| 8931190 | 05/01/2019 | VulD... | cvss3_nvd_a | H | nist.gov | 05/01/2019 | accepted | 100 |
893119005/01/2019VulD...cvss3_nvd_aHnist.gov05/01/2019accepted100
