CVE-2020-17503 : Security Advisory and Response

Learn about CVE-2020-17503 affecting the NDN-210 device, allowing authenticated users to execute remote code. Find mitigation steps and update information here.

The NDN-210 has a web administration panel with a command injection vulnerability that allows authenticated users to execute remote code. This vulnerability affects the Barco TransForm N solution.

Understanding CVE-2020-17503

This CVE involves a command injection issue in the web administration panel of the NDN-210 device.

What is CVE-2020-17503?

The NDN-210 web administration panel, served over HTTPS, is vulnerable to command injection, enabling authenticated users to execute remote code.

The Impact of CVE-2020-17503

        Authenticated users can perform remote code execution through the administration panel.
        The vulnerability affects the security of the Barco TransForm N solution.

Technical Details of CVE-2020-17503

This section provides technical details of the vulnerability.

Vulnerability Description

The issue lies in split_card_cmd.php, where the "locking" HTTP parameter is not correctly handled, leading to command injection.

Affected Systems and Versions

        Product: NDN-210
        Vendor: Barco
        Versions affected: All versions until TransForm N version 3.8

Exploitation Mechanism

The vulnerability allows authenticated users to inject and execute commands through the web administration panel.

Mitigation and Prevention

Protect your systems from CVE-2020-17503 with the following steps:

Immediate Steps to Take

        Update to TransForm N version 3.8 or later to patch the vulnerability.
        Monitor and restrict access to the web administration panel.
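
One way to support the monitoring step is to review the panel's web access logs for requests to split_card_cmd.php whose "locking" parameter carries shell metacharacters. The script below is an added example, not Barco's code or part of the original advisory. It assumes combined-format access logs and that the parameter appears in the query string; the log lines, addresses, user names and the benign value "1" are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Characters a shell treats specially; a plain flag value should contain none of them.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r'\"]")

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Jan/2021:10:01:02 +0000] '
    '"GET /split_card_cmd.php?locking=1 HTTP/1.1" 200 512',
    '192.0.2.44 - operator [12/Jan/2021:10:05:40 +0000] '
    '"GET /split_card_cmd.php?locking=1%3BPLACEHOLDER HTTP/1.1" 200 498',
    '192.0.2.10 - admin [12/Jan/2021:10:06:11 +0000] '
    '"GET /index.php?locking=%7Cx HTTP/1.1" 200 1024',
]

def suspicious_locking_requests(lines):
    """Return (ip, user, timestamp, decoded value) for each request to
    split_card_cmd.php whose 'locking' parameter contains shell metacharacters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        if not url.path.endswith("/split_card_cmd.php"):
            continue  # only the script named in the advisory is of interest
        # parse_qsl percent-decodes, so '%3B' and a literal ';' are treated alike.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "locking" and SHELL_META.search(value):
                hits.append((m["ip"], m["user"], m["ts"], value))
    return hits

if __name__ == "__main__":
    for ip, user, ts, value in suspicious_locking_requests(SAMPLE_LOG):
        print(f"{ts} user={user} src={ip} locking={value!r}")
```

Access logs do not record POST bodies, so if the parameter is sent in a request body this check needs body-level logging from a reverse proxy or WAF placed in front of the panel.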

Long-Term Security Practices

        Regularly update and patch software to prevent vulnerabilities.
        Implement strong authentication mechanisms to control access.
        Conduct security audits and penetration testing to identify and address potential issues.

Patching and Updates

        Apply patches and updates provided by Barco for the TransForm N solution to mitigate the vulnerability.
