43 matches found
EUVD-2020-20794
Malware in sbrugna...
Barco wePresent WiPG-1600W Hardcoded Root Password Vulnerability
The Barco wePresent WiPG-1600W is a management device for conference environments from Barco Belgium. A security vulnerability exists in Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19, which stems from the inclusion of a hard-coded root password hash in the firmware...
CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...
CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...
Hardcoded credentials
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...
CVE-2020-28330
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...
CVE-2020-28330
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...
CVE-2020-28332
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing...
CVE-2020-28333
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET...
CVE-2020-28333
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET...
Hardcoded credentials
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...
Code injection
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing...
Hardcoded credentials
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...
Authentication flaw
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Versions: 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET...
CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...
CVE-2020-28329
Barco wePresent WiPG-1600W is affected by CVE-2020-28329 and related CVEs due to hardcoded credentials in the firmware. Affected firmware versions include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19. The vulnerability arises because an API account and password are embedded in the firmware image and...
CVE-2020-28332
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing...
CVE-2020-28332
CVE-2020-28332 affects Barco wePresent WiPG-1600W firmware (versions 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19). The issue is failure to verify digitally signed firmware updates, allowing potential processing and installation of modified/malicious images due to an inadequate integrity check. Technica...
CVE-2020-28334
Barco wePresent WiPG-1600W devices are affected by CVE-2020-28334 due to a hard-coded root password hash embedded in firmware for affected versions 2.5.1.8, 2.5.0.25, 2.5.0.24 and 2.4.1.19. Related connected CVEs (CVE-2020-28329, CVE-2020-28330, CVE-2020-28331) describe a chain of issues: a hard-...
CVE-2020-28334
Barco wePresent WiPG-1600W devices use Hard-coded Credentials issue 2 of 2. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-283...