CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 2CVE-2020-28332 – Barco wePresent Insecure Firmware Image
https://notcve.org/view.php?id=CVE-2020-28332
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images. Los dispositivos Barco wePresent WiPG-1600W descargan el código sin una Comprobación de Integridad. Versiones afectadas: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. • http://packetstormsecurity.com/files/160164/Barco-wePresent-Insecure-Firmware-Image.html https://korelogic.com/Resources/Advisories/KL-001-2020-009.txt • CWE-494: Download of Code Without Integrity Check •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 2CVE-2020-28334 – Barco wePresent Global Hardcoded Root SSH Password
https://notcve.org/view.php?id=CVE-2020-28334
Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. Los dispositivos Barco wePresent WiPG-1600W utilizan Credenciales Embebidas (problema 2 de 2). • http://packetstormsecurity.com/files/160163/Barco-wePresent-Global-Hardcoded-Root-SSH-Password.html https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28331 – Barco wePresent Undocumented SSH Interface
https://notcve.org/view.php?id=CVE-2020-28331
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. • http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.html https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28333 – Barco wePresent Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-28333
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. • http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-28330 – Barco wePresent Admin Credential Exposure
https://notcve.org/view.php?id=CVE-2020-28330
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device. Los dispositivos Barco wePresent WiPG-1600W presentan un Transporte de Credenciales No Protegidas. Versión (s) afectada (s): 2.5.1.8. • https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt • CWE-522: Insufficiently Protected Credentials •