// For flags

CVE-2020-28330

Barco wePresent Admin Credential Exposure

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.

Los dispositivos Barco wePresent WiPG-1600W presentan un Transporte de Credenciales No Protegidas. Versión (s) afectada (s): 2.5.1.8. Un atacante armado con credenciales API embebidas (recuperadas mediante la explotación del CVE-2020-28329) puede emitir una consulta autenticada para mostrar la contraseña de administrador para la interfaz de usuario web principal que escucha en el puerto 443/tcp de un dispositivo Barco wePresent WiPG-1600W

An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-11-06 CVE Reserved
  • 2020-11-20 CVE Published
  • 2024-03-29 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt 2024-08-04
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Barco
Search vendor "Barco"
 Wepresent Wipg-1600w Firmware
Search vendor "Barco" for product "Wepresent Wipg-1600w Firmware"
 2.5.1.8
Search vendor "Barco" for product "Wepresent Wipg-1600w Firmware" and version "2.5.1.8"
-
Affected
in Barco
Search vendor "Barco"
 Wepresent Wipg-1600w
Search vendor "Barco" for product "Wepresent Wipg-1600w"
--
Safe