Tenable experts found 15 flaws in wireless presentation systems

Experts at Tenable discovered 15 vulnerabilities in eight wireless presentation systems, including flaws that can be exploited to remotely hack devices.

Wireless presentation systems are used to display content on a screen or through several devices, including mobile devices and laptops. These systems are widely used in enterprises and educational organizations.

Researchers at Tenable discovered 15 vulnerabilities in eight wireless presentation systems, some of them can be exploited for command injection and for gaining access to a device.

“Tenable found multiple vulnerabilities while investigating a Crestron AM-100. Tenable also discovered that the Crestron AM-100 shared a code base with the Barco wePresent, Extron ShareLink, InFocus LiteShow, TEQ AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, and possibly others.” reads the analysis published by Tenable. “The vulnerabilities listed below do not affect all devices”

The experts focused their tests on Crestron AirMedia AM-100 and AM-101 products, but systems from other vendors could be affected because these devices reuse portions of code. Experts discovered that some of the issues they discovered also impact Barco wePresent, Extron ShareLink, InFocus LiteShow, TEQ AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, and potentially other vendors.

Several flaws could be exploited by a remote, unauthenticated attacker to inject operating system commands. Others issues can be exploited by
a remote, unauthenticated attacker to change admin and moderator passwords and view presentations.

The issues, including a hardcoded session ID, allow unauthenticated, remote attacker to stop, start, and disconnect any screen sharing session due to insufficient authentication checking in the moderator controls.

Experts also found a denial-of-service (DoS) flaw and credentials stored in plain text that could be accessible to authenticated users.

Searching for Crestron AirMedia devices exposed online with Shodan, we can find hundreds of devices, most of them located in the US, followed by Canada and Finland.

Tenable started reporting the vulnerabilities to vendors in January, but at the time of the public disclosure, only Extron and Barco have released firmware updates.

Waiting for the fix, users have to configure their environments to avoid these systems being exposed to the internet.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – wireless presentation systems, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.