MidnightBSD

Advisories for blackbox

CVE-2016-2311 MEDIUM

Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-255,

Products Affected

Vendor Product Version
blackbox alertwerks_servsensor_junior_firmware -
blackbox alertwerks_servsensor_firmware -
blackbox alertwerks_servsensor_contact_firmware -
CVE-2019-15497 HIGH

Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
onelan net-top-box_firmware *
blackbox icompel_firmware *
CVE-2019-3929 HIGH

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,CWE-78,

Products Affected

Vendor Product Version
teqavit wips710_firmware 1.1.0.7
extron sharelink_200_firmware 2.0.3.4
infocus liteshow4_firmware 2.0.0.7
crestron am-100_firmware 1.6.0.2
sharp pn-l703wa_firmware 1.4.2.3
optoma wps-pro_firmware 1.0.0.5
infocus liteshow3_firmware 1.0.16
crestron am-101_firmware 2.7.0.2
blackbox hd_wireless_presentation_system_firmware 1.0.0.5
extron sharelink_250_firmware 2.0.3.4
barco wepresent_wipg-1600w_firmware *
barco wepresent_wipg-1000p_firmware 2.3.0.10
CVE-2019-3930 HIGH

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
teqavit wips710_firmware 1.1.0.7
extron sharelink_200_firmware 2.0.3.4
infocus liteshow4_firmware 2.0.0.7
crestron am-100_firmware 1.6.0.2
sharp pn-l703wa_firmware 1.4.2.3
optoma wps-pro_firmware 1.0.0.5
infocus liteshow3_firmware 1.0.16
crestron am-101_firmware 2.7.0.2
blackbox hd_wireless_presentation_system_firmware 1.0.0.5
extron sharelink_250_firmware 2.0.3.4
barco wepresent_wipg-1600w_firmware *
barco wepresent_wipg-1000p_firmware 2.3.0.10
CVE-2022-4636

Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.

Products Affected

Vendor Product Version
blackbox acr1000a-r-r2_firmware 3.4.31307
blackbox acr1002a-t_firmware 3.4.31307
blackbox acr1000a-t-r2_firmware 3.4.31307
blackbox acr1002a-r_firmware 3.4.31307
blackbox acr1020a-t_firmware 3.4.31307