104 matches found
Barco wePresent Hardcoded API Credentials
KL-001-2020-004 : Barco wePresent Hardcoded API Credentials Title: Barco wePresent Hardcoded API Credentials Advisory ID: KL-001-2020-004 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-004.txt 1. Vulnerability Details Affected Vendor: Barco...
Barco wePresent Admin Credential Exposure
KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text Title: Barco wePresent Admin Credentials Exposed In Plain-text Advisory ID: KL-001-2020-005 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt 1. Vulnerability Detai...
Barco wePresent Undocumented SSH Interface Accessible Via Web UI
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8 Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control CVE ID: CVE-2020-28331 2. Vulnerability Description The Barco wePresent device has an SSH daemon included in...
Barco wePresent Undocumented SSH Interface
KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI Title: Barco wePresent Undocumented SSH Interface Accessible Via Web UI Advisory ID: KL-001-2020-007 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt 1...
Barco wePresent Global Hardcoded Root SSH Password
KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password Title: Barco wePresent Global Hardcoded Root SSH Password Advisory ID: KL-001-2020-008 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt 1. Vulnerability Details Affecte...
Barco wePresent Admin Credentials Exposed In Plain-text
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8 Platform: Embedded Linux CWE Classification: CWE-523: Unprotected Transport of Credentials CVE ID: CVE-2020-28330 2. Vulnerability Description An attacker armed with hardcoded API...
Barco wePresent WiPG-1600W Trust Management Issue Vulnerability
The Barco Barco wePresent WiPG-1600W is a management device for use in conference environments from Barco Belgium. A security vulnerability exists in the Barco wePresent WiPG-1600W that stems from the inclusion of a hard-coded API account and password that can be discovered by examining the...
Barco wePresent Insecure Firmware Image
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-494: Download of Code Without Integrity Check CVE ID: CVE-2020-28332 2. Vulnerability Description The Barco...
Barco wePresent WiPG-1600W 信任管理问题漏洞
The Barco wePresent WiPG-1600W is a management device for conference environments from Barco Belgium. A security vulnerability exists in Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19, which stems from the inclusion of a hard-coded root password hash in the firmware...
Barco wePresent Authentication Bypass
KL-001-2020-006 : Barco wePresent Authentication Bypass Title: Barco wePresent Authentication Bypass Advisory ID: KL-001-2020-006 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt 1. Vulnerability Details Affected Vendor: Barco Affected...
Barco wePresent WiPG-1600W Security Vulnerability
Barco Barco wePresent WiPG-1600W is a management appliance for conference environments from Barco Belgium. A security vulnerability exists in Barco wePresent WiPG-1600W 2.5.1.8 that stems from the inclusion of an SSH daemon. By default, the SSH daemon is disabled and is not started at system boot...
Barco wePresent Authentication Bypass
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel CVE ID: CVE-2020-28333 2. Vulnerability Description The Barco wePresent web...
Barco wePresent Insecure Firmware Image
KL-001-2020-009 : Barco wePresent Insecure Firmware Image Title: Barco wePresent Insecure Firmware Image Advisory ID: KL-001-2020-009 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-009.txt 1. Vulnerability Details Affected Vendor: Barco Affect...
Barco wePresent Global Hardcoded Root SSH Password
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2020-28334 2. Vulnerability Description The Barco wePresent...
Barco wePresent Hardcoded API Credentials
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2020-28329 2. Vulnerability Description Barco wePresent...
Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Barco WePresent filetransfer.cgi Command Injection", 'Description' = %q This module exploits an unauthenticated remote command injection...
Barco WePresent file_transfer.cgi Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Barco WePresent filetransfer.cgi Command Injection", 'Description' = %q This module exploits an unauthenticated remote command injection...
Barco WePresent file_transfer.cgi Command Injection
This module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the filetransfer.cgi endpoint. This module requires Metasploit: https://metasploit.com/download Current...
AwindInc SNMP Service - Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AwindInc SNMP Service Command Injection", 'Description' = %q This module exploits a vulnerability found in AwindInc and OEM'ed products where...
AwindInc SNMP Service Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AwindInc SNMP Service Command Injection", 'Description' = %q This module exploits a vulnerability found in AwindInc and OEM'ed products where...