Barco: >> Clickshare Csm-1 Firmware >> 01.06.03.05 Security Vulnerabilities
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-10-30
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.
CVSS Score
8.8
EPSS Score
0.057
Published
2017-10-30