VYPR

TransForm N

by Barco

CVEs (6)

  • CVE-2022-26976Jun 1, 2022
    risk 0.00cvss epss 0.00

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.

  • CVE-2022-26975Jun 1, 2022
    risk 0.00cvss epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

  • CVE-2022-26973Jun 1, 2022
    risk 0.00cvss epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.

  • CVE-2022-26972Jun 1, 2022
    risk 0.00cvss epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.

  • CVE-2020-17503Jan 8, 2021
    risk 0.00cvss epss 0.03

    The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the…

  • CVE-2020-17502Jan 8, 2021
    risk 0.00cvss epss 0.03

    Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote…