Published: 06/03/2017 Updated: 01/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wepresent wipg-1500_firmware 1.0.3.7

# Exploit Title: CVE-2017-6351 - WePresent undocumented privileged manufacturer backdoor account # Date: 27/02/2017 # Exploit Author: Quentin Olagne # Vendor Homepage: wwwwepresentwificom/ or wwwawindinccom/products_wepresent_wipg_1500html # Software Link: wwwawindinccom/products_wepresent_wipg_1500html # Version: All ...

WePresent WiPG-1500 has a backdoor account installed ...

CWE-798 http://www.wepresentwifi.com/http://www.securityfocus.com/bid/96588 https://www.exploit-db.com/exploits/41480/https://nvd.nist.gov https://www.exploit-db.com/exploits/41480/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-6351

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect