CVE-2019-3929

CVE-2019-3929

Vendor Crestron
Product Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4.
Weakness CWE-79 · XSS
KEV Status Known Exploited
Published April 30, 2019
Last update October 21, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

April 30, 2019 CVE published
October 21, 2025 Record updated

Related vulnerabilities

05Related CVE

CVE-2025-26868 WordPress Fast Flow plugin <= 1.2.16 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-45848 WordPress Contest Gallery Plugin <= 13.1.0.9 is vulnerable to Cross Site Scripting (XSS) CVE-2025-23741 WordPress Notifications Center plugin <= 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-35239 Stored Cross-site Scripting on Components of Umbraco Forms CVE-2025-3669 Supreme Addons for Beaver Builder <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_qrcodesabb Shortcode