Unrated severityNVD Advisory· Published Jan 7, 2021· Updated Aug 4, 2024

CVE-2020-17500

Description

Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards.

Affected products

Barco TransForm/NDN-210description
Barco/TransForm NDN-210 Litellm-create
Range: <3.8

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.barco.com/en/support/cmsmitrex_refsource_MISC
www.barco.com/en/support/knowledge-base/kb11588mitrex_refsource_CONFIRM
www.barco.com/en/support/transform-n-management-servermitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000