CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18831
https://notcve.org/view.php?id=CVE-2019-18831
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, permiten una exposición de información. El firmware de cifrado de ClickShare Button contiene la clave privada de un certificado de dispositivo de prueba. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 7%CPEs: 8EXPL: 0CVE-2019-18830
https://notcve.org/view.php?id=CVE-2019-18830
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, permiten una inyección de comandos de sistema operativo. El... • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18828
https://notcve.org/view.php?id=CVE-2019-18828
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, poseen credenciales insuficientemente protegidas. La cuenta root (presente para el acceso por medio de interfaces de depuración, que por defe... • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-521: Weak Password Requirements •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18827
https://notcve.org/view.php?id=CVE-2019-18827
16 Dec 2019 — On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware. En los dispositivos Barco ClickShare Button R9861500D01 (versiones de firmware anteriores a 1.9.0) el acceso JTAG se deshabilita después de una ejecución de código ROM. Esto significa que el acceso JTAG es posible cuando el sistema ejecuta código desde... • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18826
https://notcve.org/view.php?id=CVE-2019-18826
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, presentan Seguimiento Inapropiado de una Cadena de Confianza del Certificado. El programa integrado "dongle_bridge" utilizado para exponer las fu... • https://www.barco.com/en/clickshare/firmware-update • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10943
https://notcve.org/view.php?id=CVE-2018-10943
10 Jul 2018 — An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit. Se ha descubierto un problema en las unidades base Barco ClickShare CSE-200 y CS-100 con firmware en versiones anteriores a la 1.6.0.3. El envío de una cadena arbitraria inesperada al puerto TCP 7100 respetando una determinada frecuencia de tiempo descon... • https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003 • CWE-20: Improper Input Validation •