A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101617 | Third Party Advisory VDB Entry |
https://www.barco.com/en/Support/software/R33050037 | Patch Release Notes |
https://www.barco.com/en/support/software/R33050020 | Patch Release Notes |
https://www.contextis.com/resources/advisories/cve-2017-9377 | Third Party Advisory |
http://www.securityfocus.com/bid/101617 | Third Party Advisory VDB Entry |
https://www.barco.com/en/Support/software/R33050037 | Patch Release Notes |
https://www.barco.com/en/support/software/R33050020 | Patch Release Notes |
https://www.contextis.com/resources/advisories/cve-2017-9377 | Third Party Advisory |
Configurations
History
21 Nov 2024, 03:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/101617 - Third Party Advisory, VDB Entry | |
References | () https://www.barco.com/en/Support/software/R33050037 - Patch, Release Notes | |
References | () https://www.barco.com/en/support/software/R33050020 - Patch, Release Notes | |
References | () https://www.contextis.com/resources/advisories/cve-2017-9377 - Third Party Advisory |
Information
Published : 2017-10-30 14:29
Updated : 2024-11-21 03:35
NVD link : CVE-2017-9377
Mitre link : CVE-2017-9377
CVE.ORG link : CVE-2017-9377
JSON object : View
Products Affected
barco
- clickshare_csm-1_firmware
- clickshare_csc-1
- clickshare_csm-1
- clickshare_csc-1_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')