
CVE-2020-28333 – Barco wePresent Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-28333
20 Nov 2020 — Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. • https://packetstorm.news/files/id/160161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •

CVE-2019-18833
https://notcve.org/view.php?id=CVE-2019-18833
17 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure (issue 2 of 2). The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack on the TLS connection is able to obtain the encryption key. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-311: Missing Encryption of Sensitive Data •

CVE-2019-18832
https://notcve.org/view.php?id=CVE-2019-18832
17 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2019-18829
https://notcve.org/view.php?id=CVE-2019-18829
17 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco-signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2019-18825
https://notcve.org/view.php?id=CVE-2019-18825
17 Dec 2019 — Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare •

CVE-2019-18824
https://notcve.org/view.php?id=CVE-2019-18824
17 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition before it is used. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2019-18831
https://notcve.org/view.php?id=CVE-2019-18831
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-798: Use of Hard-coded Credentials •

CVE-2019-18830
https://notcve.org/view.php?id=CVE-2019-18830
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program, used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-18828
https://notcve.org/view.php?id=CVE-2019-18828
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account of the embedded Linux on the ClickShare Button (present for access via debug interfaces, which are by default not enabled on production devices) uses a weak password. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-521: Weak Password Requirements •

CVE-2019-18827
https://notcve.org/view.php?id=CVE-2019-18827
16 Dec 2019 — On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •