N/A

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.

N/A

N/A

Barco Transform NDN-210 命令注入漏洞

Barco Transform NDN-210是荷兰巴可（Barco）公司的一款基于PC的网络图形处理器。该设备可显示来自Gbit以太网/ IP网络的编码流，支持H-264，MPEG-4，MPEG-2，MJPEG，V2D和ProServer等格式。 Barco TransForm N 3.8之前版本存在命令注入漏洞，该漏洞允许经过身份验证的用户到管理面板执行经过身份验证的远程代码执行。

N/A

N/A