CVE-2020-28330

Published: Nov 24, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.

Affected (1)

Products: Barco: Wepresent Wipg 1600w Firmware

1 product

Wepresent Wipg 1600w Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Barco Wepresent Wipg 1600w Firmware	Version 2.5.1.8

Running on/with	Platform Versions
Barco Wepresent Wipg 1600w	All versions

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt

Source: cve@mitre.org

ExploitThird Party Advisory

https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.