CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-28329 – Barco wePresent Admin Credential Exposure
https://notcve.org/view.php?id=CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. El firmware Barco wePresent WiPG-1600W incluye una cuenta y contraseña de API embebidas que se pueden detectar al inspeccionar la imagen del firmware. Un actor malicioso podría usar esta contraseña para acceder a funciones administrativas autenticadas en la API. • https://korelogic.com/Resources/Advisories/KL-001-2020-004.txt • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18833
https://notcve.org/view.php?id=CVE-2019-18833
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.9.0, permiten una exposición de información (problema 2 de 2). La clave de cifrado del contenido multimedia que se compartió entre un ClickShare Button y un ClickShare Base Unit es generada aleatoriamente para cada nueva sesión y se comunicó por medio de una conexión TLS. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18832
https://notcve.org/view.php?id=CVE-2019-18832
Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.9.0, tienen una Gestión de Credenciales incorrecta. Los ClickShare Button implementan el cifrado en reposo que utiliza una clave de cifrado AES (OTP) programable de una sola vez. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18829
https://notcve.org/view.php?id=CVE-2019-18829
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.10.0.13, no poseen un soporte para la comprobación de integridad. El binario firmado "Clickshare_For_Windows.exe" sobre el ClickShare Button (R9861500D01) carga una cantidad de archivos DLL dinámicamente sin comprobar su integridad • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-18825
https://notcve.org/view.php?id=CVE-2019-18825
Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200. Los dispositivos Barco ClickShare Huddle CS-100 versiones anteriores a la versión 1.9.0 y CSE-200 versiones anteriores a la versión 1.9.0, tienen una Gestión de Credenciales incorrecta. La ClickShare Base Unit implementa el cifrado en reposo utilizando claves de cifrado que son compartidas por medio de todas las ClickShare Base Units de los modelos CS-100 y CSE-200. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update •