Barco Transform N vulnerabilities
4 known vulnerabilities affecting barco/transform_n.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3
Vulnerabilities
Page 1 of 1
CVE-2020-17500P2CRITICALCVSS 9.8fixed in 3.82021-01-07
CVE-2020-17500 [CRITICAL] CWE-77 CVE-2020-17500: Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command I
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the user
nvd
CVE-2020-17502P3HIGHCVSS 7.2fixed in 3.82021-01-08
CVE-2020-17502 [HIGH] CWE-77 CVE-2020-17502: Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administ
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http pa
nvd
CVE-2020-17503P3HIGHCVSS 7.2fixed in 3.82021-01-08
CVE-2020-17503 [HIGH] CWE-77 CVE-2020-17503: The NDN-210 has a web administration panel which is made available over https. There is a command in
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter "locking" is not properly handled. The NDN-210 is part of Barc
nvd
CVE-2020-17504P3HIGHCVSS 7.2fixed in 3.82021-01-08
CVE-2020-17504 [HIGH] CWE-77 CVE-2020-17504: The NDN-210 has a web administration panel which is made available over https. There is a command in
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-2
nvd