Published: 24/11/2020 Updated: 04/12/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Wepresent Wipg-1600w Firmware

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.

Vulnerable Product	Search on Vulmon	Subscribe to Product
barco wepresent_wipg-1600w_firmware 2.4.1.19
barco wepresent_wipg-1600w_firmware 2.5.0.24
barco wepresent_wipg-1600w_firmware 2.5.0.25
barco wepresent_wipg-1600w_firmware 2.5.1.8

An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2518 ...

Barco wePresent WiPG-1600W versions 2518, 25025, 25024, and 24119 have a hardcoded root password hash included in the firmware image ...

Full Disclosure mailing list archives   By Date By Thread </form>    KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text  <!--X-Head-of-Me ...

Full Disclosure mailing list archives   By Date By Thread </form>    KL-001-2020-004 : Barco wePresent Hardcoded API Credentials   Fro ...

CWE-798 https://korelogic.com/Resources/Advisories/KL-001-2020-004.txt https://nvd.nist.gov https://packetstormsecurity.com/files/160160/Barco-wePresent-Admin-Credential-Exposure.html

CVE-2020-28329

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect