CVE-2020-17503

January 14, 2021

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter “locking” is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.

Summary:

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter “locking” is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.

Reference Links(if available):

  • https://www.barco.com/en/support/transform-n-management-server
  • https://www.barco.com/en/support/cms
  • https://www.barco.com/en/support/knowledge-base/kb11589

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    hkcert

    Ubuntu Linux Kernel Multiple Vulnerabilities

    July 2, 2025
    hkcert

    Microsoft Edge Multiple Vulnerabilities

    July 2, 2025
    hkcert

    Google Chrome Data Manipulation Vulnerability

    July 2, 2025
    image

    CVE Alert: CVE-2025-53107

    July 2, 2025
    image

    CVE Alert: CVE-2025-52294

    July 2, 2025