Crestron AM-100/AM-101 HTTP Endpoint file_transfer.cgi System Command command injection
https://www.ispeech.org/text.to.speech
| CVSS Meta Temp Score | Current Exploit Price (≈) |
|---|---|
| 9.6 | $0-$5k |
A vulnerability was found in Crestron AM-100 and AM-101. It has been classified as very critical. This affects code of the file file_transfer.cgi of the component HTTP Endpoint. The manipulation as part of a System Command leads to a privilege escalation vulnerability (Command Injection). CWE is classifying the issue as CWE-88. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
The weakness was disclosed 04/30/2019. This vulnerability is uniquely identified as CVE-2019-3929 since 01/03/2019. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 05/01/2019).
It is possible to mitigate the weakness by firewalling .
The entries 134273, 134274, 134275 and 134276 are pretty similar.
- Crestron AM-100 1.6.0.2
- Crestron AM-101 2.7.0.1
- Barco wePresent WiPG-1000P 2.3.0.10
- Barco wePresent WiPG-1600W 2.4.1
- Extron ShareLink 200/Extron ShareLink 200 250 2.0.3.4
- Teq AV IT WIPS710 1.1.0.7
- SHARP PN-L703WA 1.4.2.3
- Optoma WPS-Pro 1.0.0.5
- Blackbox HD WPS 1.0.0.5
- InFocus LiteShow3 1.0.16
- InFocus LiteShow4 2.0.0.7
Vendor
Name
VulDB Meta Base Score: 9.8
VulDB Meta Temp Score: 9.6
VulDB Base Score: 9.8
VulDB Temp Score: 9.6
VulDB Vector: ?
VulDB Reliability: ?
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| ? | ? | ? | ? | ? | ? |
| ? | ? | ? | ? | ? | ? |
| ? | ? | ? | ? | ? | ? |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Privilege escalation / Command Injection (CWE-88)
Local: No
Remote: Yes
Availability: ?
Status: Not defined
Price Prediction: ?
Current Price Estimation: ?
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Firewall
Status: ?
0-Day Time: ?01/03/2019 CVE assigned
04/30/2019 Advisory disclosed
05/01/2019 VulDB entry created
05/01/2019 VulDB last updateCVE: CVE-2019-3929 (?)
See also: ?Created: 05/01/2019 02:06 PM
Complete: ?
See the underground prices here!
https://vuldb.com/?id.134277
Gloss