CVE-2019-3929
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-3929
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款路由器命令操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
多款路由器中存在命令操作系统命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。以下产品及版本受到影响:使用1.6.0.2版本固件的Crestron AM-100;使用2.7.0.1版本固件的Crestron AM-101;使用2.3.0.10版本固件的Barco wePresent WiPG-1000P;使用2.4.1.19之前版本固件的Barco wePresent WiPG-1600W;使用2.0.3.4版本固件的Extr
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Crestron | Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4. | Crestron AM-100 firmware 1.6.0.2 | - |
II. Public POCs for CVE-2019-3929
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Crestron/Barco/Extron/InFocus/TeqAV Remote Command Injection (CVE-2019-3929) Metasploit Module | https://github.com/xfox64x/CVE-2019-3929 | POC Details |
| 2 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-3929.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-3929
请登录查看更多情报信息。
- https://www.tenable.com/security/research/tra-2019-20x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2019-3929
Same Patch Batch · Crestron · 2019-04-30 · 15 CVEs total
| CVE-2019-3925 | Crestron Electronics AM-100和Crestron Electronics AM-101 命令操作系统命令注入漏洞 | |
| CVE-2019-3926 | Crestron Electronics AM-100和Crestron Electronics AM-101 命令操作系统命令注入漏洞 | |
| CVE-2019-3927 | Crestron Electronics AM-100和Crestron Electronics AM-101 授权问题漏洞 | |
| CVE-2019-3928 | Crestron Electronics AM-101 安全漏洞 | |
| CVE-2019-3930 | 多款路由器缓冲区错误漏洞 | |
| CVE-2019-3931 | Crestron Electronics AM-100和Crestron Electronics AM-101 参数注入漏洞 | |
| CVE-2019-3932 | Crestron Electronics AM-100和Crestron Electronics AM-101 信任管理问题漏洞 | |
| CVE-2019-3933 | Crestron Electronics AM-100和Crestron Electronics AM-101 访问控制错误漏洞 | |
| CVE-2019-3934 | Crestron Electronics AM-100和Crestron Electronics AM-101 访问控制错误漏洞 | |
| CVE-2019-3935 | Crestron AM-101 安全漏洞 | |
| CVE-2019-3936 | Crestron Electronics AM-100和Crestron Electronics AM-101 输入验证错误漏洞 | |
| CVE-2019-3937 | Crestron Electronics AM-100和Crestron Electronics AM-101 信任管理问题漏洞 | |
| CVE-2019-3938 | Crestron Electronics AM-100和Crestron Electronics AM-101 信任管理问题漏洞 | |
| CVE-2019-3939 | Crestron Electronics AM-100和Crestron Electronics AM-101 信任管理问题漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2019-3929
No comments yet