IRONSMITHINTEL
Critical | CVSS 9.8 | Actively Exploited | CISA KEV | CVE-2019-3929 | Auth: none (unauthenticated) | Reboot: required | Manual only

Crestron Multiple Products Command Injection Vulnerability

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Published Apr 30, 2019 · Updated May 16, 2026
Why patch (risk explained in plain English)

Worst-case scenario if unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-05-06 under CISA BOD 22-01.

How the attack works (no clicks needed)

This is a Cross-Site Scripting (XSS) (CWE-79) vulnerability in multiple Crestron products. Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 firmware 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. Exploitation requires only remote network access: attack complexity is low, and neither authentication nor user interaction is required.

Am I affected? (quick check)

Probably yes if any of these apply:

IT Security: running any of the following firmware versions

- AM-100 firmware 1.6.0.2
- AM-101 firmware 2.7.0.2
- wePresent WiPG-1000P firmware 2.3.0.10
- wePresent WiPG-1600W firmware earlier than 2.4.1.19
- ShareLink 200 firmware 2.0.3.4
- ShareLink 250 firmware 2.0.3.4
- WIPS710 firmware 1.1.0.7
- PN-L703WA firmware 1.4.2.3
- WPS-Pro firmware 1.0.0.5
- HD Wireless Presentation System firmware 1.0.0.5
- LiteShow3 firmware 1.0.16
- LiteShow4 firmware 2.0.0.7

Real-world incidents (what we've seen)

Active exploitation documented in the wild. Threat-research write-up: https://www.exploit-db.com/exploits/46786/

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply updates per vendor instructions.

References

- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2019-3929
- CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3929

PowerShell automation (coming soon)

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.