CVE-2019-18828

Published: Dec 16, 2019Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.

Affected (4)

Products: Barco: Clickshare Cs 100 Firmware, Clickshare Cse 200+ Firmware, Clickshare Cse 800 Firmware

3 products

Clickshare Cs 100 Firmware

Clickshare Cse 200+ Firmware

Clickshare Cse 800 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Barco Clickshare Cs 100 Firmware	Before 1.9.0

Running on/with	Platform Versions
Barco Clickshare Cs 100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Barco Clickshare Cse 200 Firmware	Before 1.9.0

Running on/with	Platform Versions
Barco Clickshare Cse 200	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Barco Clickshare Cse 200+ Firmware	Before 1.9.0

Running on/with	Platform Versions
Barco Clickshare Cse 200+	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Barco Clickshare Cse 800 Firmware	Before 1.9.0

Running on/with	Platform Versions
Barco Clickshare Cse 800	All versions

Related CWEs

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References (12)

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

Source: cve@mitre.org

Third Party Advisory

https://www.barco.com/en/clickshare/firmware-update

Source: cve@mitre.org

Product

https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Source: cve@mitre.org

ProductVendor Advisory

https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Source: cve@mitre.org

ProductVendor Advisory

https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Source: cve@mitre.org

ProductVendor Advisory

https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Source: cve@mitre.org

ProductVendor Advisory

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.barco.com/en/clickshare/firmware-update

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.