Barco ClickShare Button R9861500D01 Devices OS Command Injection Vulnerability

Barco ClickShare Button R9861500D01 Devices OS Command Injection Vulnerability

CVE-2019-18830 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.

Learn more about our User Device Pen Test.