VAR-201912-0681
Vulnerability from variot - Updated: 2024-11-23 21:36
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program, used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. The Barco ClickShare Button contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Barco ClickShare Button R9861500D01 is a wireless control device for the demonstration system of Barco, Belgium.
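The dongle_bridge program embedded in Barco ClickShare Button R9861500D01 versions earlier than 1.9.0 has an operating system command injection vulnerability. It arises because externally supplied data is used to construct operating system commands, and the network system or product does not properly filter special characters and commands. An attacker can use this vulnerability to execute unauthorized operating system commands. The CVSS vectors in the record below rate the attack vector as network (AV:N), while the description places the vulnerable program on the interface exposed to a USB host, so consider both when assessing exposure; the record's patch entries list the vendor firmware updates.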
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0681",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clickshare cse-200\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cs-100",
"scope": "lt",
"trust": 1.0,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-800",
"scope": "lt",
"trust": 1.0,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-200",
"scope": "lt",
"trust": 1.0,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cs-100",
"scope": "eq",
"trust": 0.8,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-200",
"scope": "eq",
"trust": 0.8,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-200+",
"scope": "eq",
"trust": 0.8,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-800",
"scope": "eq",
"trust": 0.8,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare button r9861500d01",
"scope": "lt",
"trust": 0.6,
"vendor": "barco",
"version": "1.9.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"db": "NVD",
"id": "CVE-2019-18830"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:barco:clickshare_cs-100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_cse-200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_cse-200%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_cse-800_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
}
]
},
"cve": "CVE-2019-18830",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18830",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46446",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18830",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18830",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18830",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-18830",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-46446",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-720",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-18830",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"db": "VULMON",
"id": "CVE-2019-18830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-720"
},
{
"db": "NVD",
"id": "CVE-2019-18830"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded \u0027dongle_bridge\u0027 program, used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user \u0027nobody\u0027. The Barco ClickShare Button contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Barco ClickShare Button R9861500D01 is a wireless control device for the demonstration system of Barco, Belgium. \n\nThe dongle_bridge program embedded in Barco ClickShare Button R9861500D01 versions earlier than 1.9.0 has an operating system command injection vulnerability. It arises because externally supplied data is used to construct operating system commands, and the network system or product does not properly filter special characters and commands. An attacker can use this vulnerability to execute unauthorized operating system commands.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"db": "VULMON",
"id": "CVE-2019-18830"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18830",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013419",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-46446",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-720",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-18830",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"db": "VULMON",
"id": "CVE-2019-18830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-720"
},
{
"db": "NVD",
"id": "CVE-2019-18830"
}
]
},
"id": "VAR-201912-0681",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
}
],
"trust": 1.3368421000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
}
]
},
"last_update_date": "2024-11-23T21:36:23.950000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ClickShare",
"trust": 0.8,
"url": "https://www.barco.com/en/clickshare/firmware-update"
},
{
"title": "ClickShare CS-100 base unit firmware v1.9.1.7",
"trust": 0.8,
"url": "https://www.barco.com/en/support/software/R33050069?majorVersion=01\u0026minorVersion=09\u0026patchVersion=01\u0026buildVersion=007"
},
{
"title": "ClickShare CSE-200 base unit firmware v1.9.1.7",
"trust": 0.8,
"url": "https://www.barco.com/en/support/software/R33050070?majorVersion=01\u0026minorVersion=09\u0026patchVersion=01\u0026buildVersion=007"
},
{
"title": "ClickShare CSE-800 base unit firmware v1.9.1.7",
"trust": 0.8,
"url": "https://www.barco.com/en/support/software/R33050095?majorVersion=01\u0026minorVersion=09\u0026patchVersion=01\u0026buildVersion=007"
},
{
"title": "ClickShare CSE-200+ base unit firmware v1.9.1.7",
"trust": 0.8,
"url": "https://www.barco.com/en/support/software/R33050125?majorVersion=01\u0026minorVersion=09\u0026patchVersion=01\u0026buildVersion=007"
},
{
"title": "Patch for Barco ClickShare Button R9861500D01 Operating System Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/194973"
},
{
"title": "Barco ClickShare Button R9861500D01 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105748"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-720"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"db": "NVD",
"id": "CVE-2019-18830"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.barco.com/en/support/software/r33050070?majorversion=01\u0026minorversion=09\u0026patchversion=01\u0026buildversion=007"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18830"
},
{
"trust": 1.7,
"url": "https://www.barco.com/en/support/software/r33050069?majorversion=01\u0026minorversion=09\u0026patchversion=01\u0026buildversion=007"
},
{
"trust": 1.7,
"url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"
},
{
"trust": 1.7,
"url": "https://www.barco.com/en/support/software/r33050095?majorversion=01\u0026minorversion=09\u0026patchversion=01\u0026buildversion=007"
},
{
"trust": 1.7,
"url": "https://www.barco.com/en/support/software/r33050125?majorversion=01\u0026minorversion=09\u0026patchversion=01\u0026buildversion=007"
},
{
"trust": 1.7,
"url": "https://www.barco.com/en/clickshare/firmware-update"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18830"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"db": "VULMON",
"id": "CVE-2019-18830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-720"
},
{
"db": "NVD",
"id": "CVE-2019-18830"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"db": "VULMON",
"id": "CVE-2019-18830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-720"
},
{
"db": "NVD",
"id": "CVE-2019-18830"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"date": "2019-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18830"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-720"
},
{
"date": "2019-12-16T17:15:12.080000",
"db": "NVD",
"id": "CVE-2019-18830"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"date": "2019-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18830"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013419"
},
{
"date": "2020-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-720"
},
{
"date": "2024-11-21T04:33:39.907000",
"db": "NVD",
"id": "CVE-2019-18830"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-720"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barco ClickShare Button R9861500D01 Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46446"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-720"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-720"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.