Описание
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.
Ссылки
- Vendor Advisory
- Vendor Advisory
- ProductVendor Advisory
- Vendor Advisory
- Vendor Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.
EPSS
7.2 High
CVSS3
6.5 Medium
CVSS2