CVE-2020-28331

Published: 24/11/2020 Updated: 12/07/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.

Vulnerable Product

barco wepresent wipg-1600w firmware 2.5.1.8

Exploits

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images ...
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image ...

Mailing Lists

KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password Title: Barco wePresent Global Hardcoded Root SSH Password Advisory ID: KL-001-2020-008 Publication Date: 20201120 Publication URL: korelogic.com/Resources/Advisories/KL-001-2020-008.txt 1. Vulnerability Details Affected Vendor: Barco ...
KL-001-2020-009 : Barco wePresent Insecure Firmware Image Title: Barco wePresent Insecure Firmware Image Advisory ID: KL-001-2020-009 Publication Date: 20201120 Publication URL: korelogic.com/Resources/Advisories/KL-001-2020-009.txt 1. Vulnerability Details Affected Vendor: Barco Affec ...
KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI Title: Barco wePresent Undocumented SSH Interface Accessible Via Web UI Advisory ID: KL-001-2020-007 Publication Date: 20201120 Publication URL: korelogic.com/Resources/Advisories/KL-001-2020-007.txt 1. Vulnerability Details Aff ...