Command Injection Vulnerability on ClickShare Base Units (CVE-2017-9377)

"""
ClickShare by Barco is a wireless presentation system intended to replace wired setups and enhance meetings, conferences and presentations in a variety of ways. USB ClickShare buttons plug into your device, or for mobile devices an app is downloaded. Then, by clicking the button, you can wirelessly share your devices display through the central video screen.
"""

The Barco ClickShare Base Unit was found to be vulnerable to multiple command injection vulnerabilities in the web API interface.

This may allow an attacker to run commands on the remote system with the privileges of root user.

The affected versions are:

ClickShare CSM-1 Base Unit Firmware older than v1.7.0.3
ClickShare CSC-1 Base Unit Firmware older than v1.10.0.10

Further information:
https://www.contextis.com/resources/advisories/cve-2017-9377