InFocus IN3128HD Projector Validates Bypass Vulnerability

The InFocus IN3128HD projector is a projector product used in the education industry. The InFocus IN3128HD firmware version 0.26 fails to properly handle user access, allowing remote attackers to bypass authentication and gain unauthorized access by sending a main.html request...

Vulnerability in InFocus IN3128HD projector

InFocus IN3128HD projector is a projector product for the education industry from InFocus. A security vulnerability exists in the InFocus IN3128HD projector using firmware version 0.26. Because the program fails to restrict access to the cgi-bin/webctrl.cgi.elf file. A remote attacker can exploit...

CVE-2014-8384

The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...

Authentication flaw

The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html...

CVE-2014-8383

The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html...

CVE-2014-8383

The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html...

Cross site request forgery (csrf)

The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...

CVE-2014-8383

The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html...

CVE-2014-8384

The CVE-2014-8384 entry concerns the InFocus IN3128HD projector (firmware 0.26). The issue is missing authentication for the CGI file webctrl.cgi.elf in cgi-bin, allowing an unauthenticated remote attacker to modify DHCP/server IP configurations, reboot the device, and change the device hostname,...

CVE-2014-8383

The CVE-2014-8383 entry concerns the InFocus IN3128HD projector with firmware 0.26. Public sources describe an authentication bypass in the web interface (by accessing /main.html after login) and missing authentication for the CGI file /cgi-bin/webctrl.cgi.elf, enabling unauthenticated access to ...

[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities

Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:...

InFocus IN3128HD Projector Missing Authentication Vulnerability

The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable. 1. Adviso...

InFocus IN3128HD Projector Missing Authentication

Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:...