CVE-2017-9377

A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:barco:clickshare_csm-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:barco:clickshare_csm-1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:barco:clickshare_csc-1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:35

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/101617 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/101617 - Third Party Advisory, VDB Entry
References () https://www.barco.com/en/Support/software/R33050037 - Release Notes, Patch () https://www.barco.com/en/Support/software/R33050037 - Patch, Release Notes
References () https://www.barco.com/en/support/software/R33050020 - Release Notes, Patch () https://www.barco.com/en/support/software/R33050020 - Patch, Release Notes
References () https://www.contextis.com/resources/advisories/cve-2017-9377 - Third Party Advisory () https://www.contextis.com/resources/advisories/cve-2017-9377 - Third Party Advisory

Information

Published : 2017-10-30 14:29

Updated : 2024-11-21 03:35


NVD link : CVE-2017-9377

Mitre link : CVE-2017-9377

CVE.ORG link : CVE-2017-9377


JSON object : View

Products Affected

barco

  • clickshare_csm-1_firmware
  • clickshare_csc-1
  • clickshare_csm-1
  • clickshare_csc-1_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')