CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-18825
https://notcve.org/view.php?id=CVE-2019-18825
17 Dec 2019 — Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200. Los dispositivos Barco ClickShare Huddle CS-100 versiones anteriores a la versión 1.9.0 y CSE-200 versiones anteriores a la versión 1.9.0, tienen una Gestión de Credenciales incorrecta. La ClickShare Base Unit implementa el cifrado e... • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18831
https://notcve.org/view.php?id=CVE-2019-18831
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, permiten una exposición de información. El firmware de cifrado de ClickShare Button contiene la clave privada de un certificado de dispositivo de prueba. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 7%CPEs: 8EXPL: 0CVE-2019-18830
https://notcve.org/view.php?id=CVE-2019-18830
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, permiten una inyección de comandos de sistema operativo. El... • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18828
https://notcve.org/view.php?id=CVE-2019-18828
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, poseen credenciales insuficientemente protegidas. La cuenta root (presente para el acceso por medio de interfaces de depuración, que por defe... • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-521: Weak Password Requirements •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18827
https://notcve.org/view.php?id=CVE-2019-18827
16 Dec 2019 — On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware. En los dispositivos Barco ClickShare Button R9861500D01 (versiones de firmware anteriores a 1.9.0) el acceso JTAG se deshabilita después de una ejecución de código ROM. Esto significa que el acceso JTAG es posible cuando el sistema ejecuta código desde... • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18826
https://notcve.org/view.php?id=CVE-2019-18826
16 Dec 2019 — Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, presentan Seguimiento Inapropiado de una Cadena de Confianza del Certificado. El programa integrado "dongle_bridge" utilizado para exponer las fu... • https://www.barco.com/en/clickshare/firmware-update • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10943
https://notcve.org/view.php?id=CVE-2018-10943
10 Jul 2018 — An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit. Se ha descubierto un problema en las unidades base Barco ClickShare CSE-200 y CS-100 con firmware en versiones anteriores a la 1.6.0.3. El envío de una cadena arbitraria inesperada al puerto TCP 7100 respetando una determinada frecuencia de tiempo descon... • https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3150 – Barco ClickShare XSS / Remote Code Execution / Path Traversal
https://notcve.org/view.php?id=CVE-2016-3150
14 Nov 2016 — Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en wallpaper.php en el Base Unit en dispositivos Barco ClickShare CSC-1 con firmware anterior a 01.09.03, CSM-1 con firmware anteriores a 01.06.02 y CSE-200 con firmwa... • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2016-3151 – Barco ClickShare XSS / Remote Code Execution / Path Traversal
https://notcve.org/view.php?id=CVE-2016-3151
14 Nov 2016 — Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. Vulnerabilidad de salto de directorio en la funcionalidad de análisis de fondos de pantalla en dispositivos Barco ClickShare CSC-1 con firmware anterior a 01.09.03, CSM-1 con firmware anterior a 01.06.02 y CSE-... • http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •