Multiple vulnerabilities in Barco wePresent WiPG-1600W
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2020-28329 CVE-2020-28330 CVE-2020-28333 CVE-2020-28331 CVE-2020-28334 CVE-2020-28332 |
| CWE-ID | CWE-798 CWE-312 CWE-288 CWE-284 CWE-494 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
wePresent WiPG-1600W Hardware solutions / Office equipment, IP-phones, print servers |
| Vendor | Barco |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Use of hard-coded credentials
EUVDB-ID: #VU48580
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28329
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code, which include hardcoded credentials for the API and hardcoded password in clear text. A remote unauthenticated attacker can access the affected system via port 4001/tcp using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionswePresent WiPG-1600W: 2.4.1.19 - 2.5.1.8
External linkshttp://korelogic.com/Resources/Advisories/KL-001-2020-004.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cleartext storage of sensitive information
EUVDB-ID: #VU48581
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28330
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to application stores credentials in plain text. A remote attacker can obtain administrator's password via API request (see vulnerability #1) and obtain the administrator's password in clear text.This password can be used to login via the admin interface on port 443/tcp.
Install updates from vendor's website.
Vulnerable software versionswePresent WiPG-1600W: 2.5.1.8
External linkshttp://korelogic.com/Resources/Advisories/KL-001-2020-005.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Authentication bypass using an alternate path or channel
EUVDB-ID: #VU48582
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28333
CWE-ID:
CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the way firmware handles authenticated sessions. The session token is passed via the HTTP GET "SEID" parameter. A remote attacker can obtain the session token via browser's HTTP Referer header and gain unauthorized access to the device.
Install updates from vendor's website.
Vulnerable software versionswePresent WiPG-1600W: 2.5.1.8
External linkshttp://korelogic.com/Resources/Advisories/KL-001-2020-006.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU48583
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28331
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to presence of an undocumented SSH server on the device. A remote authenticated attacker can activate the SSH server to gain remote access to the device.
Install updates from vendor's website.
Vulnerable software versionswePresent WiPG-1600W: 2.5.1.8
External linkshttp://korelogic.com/Resources/Advisories/KL-001-2020-007.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of hard-coded credentials
EUVDB-ID: #VU48584
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28334
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials for the root account. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionswePresent WiPG-1600W: 2.4.1.19 - 2.5.1.8
External linkshttp://korelogic.com/Resources/Advisories/KL-001-2020-008.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Download of code without integrity check
EUVDB-ID: #VU48585
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28332
CWE-ID:
CWE-494 - Download of Code Without Integrity Check
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system
The vulnerability exists due to software does not perform software integrity check when downloading updates. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.
MitigationInstall updates from vendor's website.
Vulnerable software versionswePresent WiPG-1600W: 2.4.1.19 - 2.5.1.8
External linkshttp://korelogic.com/Resources/Advisories/KL-001-2020-009.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
