Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-28331
HistoryNov 24, 2020 - 6:15 p.m.

CVE-2020-28331

2020-11-2418:15:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
65
barco
wepresent
wipg-1600w
cve-2020-28331
improper access control
ssh daemon
security vulnerability
information security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.2%

JSON

Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.

Related

zdt 3
korelogic 3
packetstorm 3
prion 2
cve 1
zdt
zdt
Barco wePresent WiPG-1600W Undocumented SSH Interface Vulnerability
2020-11-21 00:00:00
Barco wePresent WiPG-1600W Insecure Firmware Image Vulnerability
2020-11-21 00:00:00
Barco wePresent WiPG-1600W Global Hardcoded Root SSH Password Vulnerability
2020-11-21 00:00:00
korelogic
korelogic
Barco wePresent Undocumented SSH Interface Accessible Via Web UI
2020-11-20 00:00:00
Barco wePresent Insecure Firmware Image
2020-11-20 00:00:00
Barco wePresent Global Hardcoded Root SSH Password
2020-11-20 00:00:00
packetstorm
packetstorm
Barco wePresent Undocumented SSH Interface
2020-11-20 00:00:00
Barco wePresent Insecure Firmware Image
2020-11-20 00:00:00
Barco wePresent Global Hardcoded Root SSH Password
2020-11-20 00:00:00
prion
prion
Improper access control
2020-11-24 18:15:00
Hardcoded credentials
2020-11-24 19:15:00
cve
cve
CVE-2020-28334
2020-11-24 19:15:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.2%

JSON
Related for CVE-2020-28331
zdt3korelogic3packetstorm3prion2cve1