54 matches found
Barco/AWIND OEM Presentation Platform - Remote Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...
EUVD-2020-20793
Malware in sbrugna...
EUVD-2020-20795
Malware in sbrugna...
EUVD-2020-20792
Malware in sbrugna...
EUVD-2020-20796
Malware in sbrugna...
EUVD-2020-20794
Malware in sbrugna...
Barco WePresent WiPG-1000 安全漏洞
Barco WePresent WiPG-1000 is a wireless presentation server from Barco Belgium. A security vulnerability exists in the Barco WePresent WiPG-1000 prior to version 2.2.3.0, which stems from improper handling of /cgi-bin/rdfs.cgi endpoint inputs, which can lead to command injection...
CVE-2020-28331
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a...
CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...
CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...
Hardcoded credentials
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...
CVE-2020-28334
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...
CVE-2020-28333
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET...
CVE-2020-28332
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing...
CVE-2020-28332
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing...
CVE-2020-28330
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...
CVE-2020-28333
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET...
CVE-2020-28334
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...
Hardcoded credentials
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...
Hardcoded credentials
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...