TransForm N
by Barco
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26976 | 0.00 | — | 0.00 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS. | |||
| CVE-2022-26975 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. | |||
| CVE-2022-26973 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | |||
| CVE-2022-26972 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | |||
| CVE-2020-17503 | 0.00 | — | 0.03 | Jan 8, 2021 | The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the… | |||
| CVE-2020-17502 | 0.00 | — | 0.03 | Jan 8, 2021 | Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote… |
- CVE-2022-26976Jun 1, 2022risk 0.00cvss —epss 0.00
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.
- CVE-2022-26975Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.
- CVE-2022-26973Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.
- CVE-2022-26972Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.
- CVE-2020-17503Jan 8, 2021risk 0.00cvss —epss 0.03
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the…
- CVE-2020-17502Jan 8, 2021risk 0.00cvss —epss 0.03
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote…