Overview
- Description
- The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
- Source
- vulnreport@tenable.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- Crestron Multiple Products Command Injection Vulnerability
- Exploit added on
- Apr 15, 2022
- Exploit action due
- May 6, 2022
- Required action
- Apply updates per vendor instructions.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "913135BE-8FB4-40BA-85D8-AD0F824493C3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "081E2B1B-027D-4846-8C61-54CE2D668CD0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AC584E7-9159-48E8-B499-F5CA68663503"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D0AB0523-6EFF-4C78-A8BA-B2764DBB04D0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4102ECBE-C362-4D67-A8B8-E0C796991A05"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:barco:wepresent_wipg-1000p:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4CA49409-DD7A-443C-9C64-F7FC02AD572F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC11E306-2039-4981-B0DE-F0E086E82A99",
"versionEndExcluding": "2.4.1.19"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E6EDF943-F79F-4729-A15C-BEDFDAC42EA3"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2A958C1-D420-4686-B16A-9F894D9D546B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:extron:sharelink_200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9052908E-4A0A-4462-9054-FF8B81BE61AD"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4452FE8E-2FF1-4920-BE15-EDB36865E436"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:extron:sharelink_250:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6D0429EC-69E4-40DF-8F58-92C14B1EE30F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30DE4653-931B-4EE4-997C-EDE3B4FD1103"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teqavit:wips710:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4C065DAA-CCAD-4551-A6D3-61A714EBEC2A"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B378214-4F0E-4365-92B4-A1C1CA1BF8E9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:pn-l703wa:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "515FE3BB-C5C9-496C-A002-E5687D5D2B00"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B85EAE85-7C54-4B93-96BA-72FCB1CFA94F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:optoma:wps-pro:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2033CAD9-390C-4AA4-A05E-951849AB16E8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2143F71D-47D5-4630-B1CF-74824682523C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:blackbox:hd_wireless_presentation_system:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E5722F58-47BA-4430-8F92-FA56348FD4A9"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A31899CB-CC41-446A-AB84-40D2BDED1F30"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:infocus:liteshow3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7E81DF5B-9FD1-44E7-B23D-639ACAD4EED0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D361E8D9-377E-4DBB-BFAC-35CB4333A6EB"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:infocus:liteshow4:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "76B7C16D-C7D8-4502-B466-1D6A0183527A"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]