CVE-2019-3930

Exp

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.

Published: 2019-04-30 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2019-3930

EPSS CVSS CWE Exploit-DB Affected

Conclusion & alert: CVE-2019-3930 is rated High Exploit Risk (84.7/100): CVSS Critical severity, with high exploitation likelihood (EPSS 6.96%, 93th percentile). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2019-3930

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2019-3930

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	9.11%	6.96%	-2.15%
2	2026-04-24	11.81%	9.11%	-2.70%
3	2026-03-08	—	11.81%	—

Full EPSS history (22 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2019-3930

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.8	3.1	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.9	5.9	[email protected]
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Weakness enumeration for CVE-2019-3930

CWE-121 MITRE ↗ CWE-787 MITRE ↗

Affected software / configurations for CVE-2019-3930

Vendor	Product	Version	Raw CPE
crestron	am-100_firmware	1.6.0.2	cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:::::::*
crestron	am-101_firmware	2.7.0.2	cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:::::::*
barco	wepresent_wipg-1000p_firmware	2.3.0.10	cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:::::::*
barco	wepresent_wipg-1600w_firmware	< 2.4.1.19	cpe:2.3:o:barco:wepresent_wipg-1600w_firmware::::::::
extron	sharelink_200_firmware	2.0.3.4	cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:::::::*
extron	sharelink_250_firmware	2.0.3.4	cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:::::::*
teqavit	wips710_firmware	1.1.0.7	cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:::::::*
sharp	pn-l703wa_firmware	1.4.2.3	cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:::::::*
optoma	wps-pro_firmware	1.0.0.5	cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:::::::*
blackbox	hd_wireless_presentation_system_firmware	1.0.0.5	cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:::::::*
infocus	liteshow3_firmware	1.0.16	cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:::::::*
infocus	liteshow4_firmware	2.0.0.7	cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:::::::*

References for CVE-2019-3930

URL	Tags
https://www.tenable.com/security/research/tra-2019-20	Exploit Third Party Advisory

cvelogic Threat Intelligence