Barco ClickShare CSC-1 Firmware 01.09.02.03

CPE Details

Barco ClickShare CSC-1 Firmware 01.09.02.03
barco
clickshare_csc-1_firmware
01.09.02.03
2017-01-18
13h55 +00:00
2021-05-26
16h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:barco:clickshare_csc-1_firmware:01.09.02.03:*:*:*:*:*:*:*

Informations

Vendor

barco

Product

clickshare_csc-1_firmware

Version

01.09.02.03

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-12460 2017-10-30 13h00 +00:00 An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.
5.4
Medium
CVE-2017-9377 2017-10-30 13h00 +00:00 A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.
8.8
High
CVE-2016-3149 2017-01-12 22h00 +00:00 Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.
9.8
Critical
CVE-2016-3150 2017-01-12 22h00 +00:00 Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6.1
Medium
CVE-2016-3151 2017-01-12 22h00 +00:00 Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors.
7.5
High
CVE-2016-3152 2017-01-12 22h00 +00:00 Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.