CVE-2019-3929

CRITICAL KEV NUCLEI

Crestron Am-100 Firmware < 2.4.1.19 - OS Command Injection

Title source: rule
STIX 2.1

Exploitation Summary

CVE-2019-3929 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 15, 2022. EIP tracks 4 public exploits from researchers including Metasploit, Jacob Baines, xfox64x, including a Metasploit module exploits/linux/http/wepresent_cmd_injection. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated command injection vulnerability in Barco WePresent devices via the file_transfer.cgi endpoint. It supports both in-memory command execution and staged payload delivery for ARMLE Linux targets.

Description

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/47924

This Metasploit module exploits an unauthenticated command injection vulnerability in Barco WePresent devices via the file_transfer.cgi endpoint. It supports both in-memory command execution and staged payload delivery for ARMLE Linux targets.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Barco WePresent (and OEM products)
No auth needed
Prerequisites: Network access to the target device · file_transfer.cgi endpoint exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Jacob Baines · textwebappshardware
https://www.exploit-db.com/exploits/46786

This exploit demonstrates an unauthenticated remote command injection vulnerability in multiple OEM presentation platforms. It uses a crafted POST request to execute arbitrary commands via the `file_transfer.cgi` endpoint, spawning a telnetd service and executing `whoami`.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Multiple OEM presentation platforms (e.g., Crestron AM-100 1.6.0.2, Barco wePresent WiPG-1000P 2.3.0.10)
No auth needed
Prerequisites: Network access to the target device · Vulnerable firmware version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by xfox64x · remote
https://github.com/xfox64x/CVE-2019-3929

This is a Metasploit module for CVE-2019-3929, a remote command injection vulnerability in multiple devices via the file_transfer.cgi endpoint. It allows unauthenticated RCE as root on affected systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Crestron AM-100/101, Barco wePresent WiPG-1000/1600W, Extron ShareLink 200/250, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3/4
No auth needed
Prerequisites: Network access to the target device · HTTP/HTTPS access to port 443
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/wepresent_cmd_injection.rb

This Metasploit module exploits an unauthenticated remote command injection vulnerability in Barco WePresent devices via the file_transfer.cgi endpoint. It supports both in-memory command execution and staged payload delivery for ARMLE Linux targets.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Barco WePresent (and OEM products)
No auth needed
Prerequisites: Network access to the target device · file_transfer.cgi endpoint accessible
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Barco/AWIND OEM Presentation Platform - Remote Command Injection
CRITICALby _0xf4n9x_

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.9425
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2022-04-15
VulnCheck KEV 2019-06-06
InTheWild.io 2022-04-15
ENISA EUVD EUVD-2019-13536
CWE
CWE-78 CWE-79
Status published
Products (12)
barco/wepresent_wipg-1000p_firmware 2.3.0.10
barco/wepresent_wipg-1600w_firmware < 2.4.1.19
blackbox/hd_wireless_presentation_system_firmware 1.0.0.5
crestron/am-100_firmware 1.6.0.2
crestron/am-101_firmware 2.7.0.2
extron/sharelink_200_firmware 2.0.3.4
extron/sharelink_250_firmware 2.0.3.4
infocus/liteshow3_firmware 1.0.16
infocus/liteshow4_firmware 2.0.0.7
optoma/wps-pro_firmware 1.0.0.5
... and 2 more
Published Apr 30, 2019
KEV Added Apr 15, 2022
Tracked Since Feb 18, 2026