Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.0.25:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-28329 |
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. Published: November 24, 2020; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-28334 |
Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. Published: November 24, 2020; 2:15:10 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |