CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18831
https://notcve.org/view.php?id=CVE-2019-18831
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, permiten una exposición de información. El firmware de cifrado de ClickShare Button contiene la clave privada de un certificado de dispositivo de prueba. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software&# • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0CVE-2019-18830
https://notcve.org/view.php?id=CVE-2019-18830
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, permiten una inyección de comandos de sistema operativo. El programa integrado "dongle_bridge" utilizado para exponer las funcionalidades del botón ClickShare a un host USB, es susceptible a vulnerabilidades de inyección de comandos de sistema operativo. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18828
https://notcve.org/view.php?id=CVE-2019-18828
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, poseen credenciales insuficientemente protegidas. La cuenta root (presente para el acceso por medio de interfaces de depuración, que por defecto no están habilitadas en dispositivos de producción) del Linux integrado en el ClickShare Button está usando una contraseña débil. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software&# • CWE-521: Weak Password Requirements •
CVSS: 5.9EPSS: 1%CPEs: 8EXPL: 0CVE-2019-18827
https://notcve.org/view.php?id=CVE-2019-18827
On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware. En los dispositivos Barco ClickShare Button R9861500D01 (versiones de firmware anteriores a 1.9.0) el acceso JTAG se deshabilita después de una ejecución de código ROM. Esto significa que el acceso JTAG es posible cuando el sistema ejecuta código desde ROM antes de transferir el control al firmware incorporado. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software&# • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18826
https://notcve.org/view.php?id=CVE-2019-18826
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, presentan Seguimiento Inapropiado de una Cadena de Confianza del Certificado. El programa integrado "dongle_bridge" utilizado para exponer las funcionalidades del ClickShare Button en un host USB, no comprueba apropiadamente la cadena de certificados completa. • https://www.barco.com/en/clickshare/firmware-update • CWE-295: Improper Certificate Validation •