← Back

CVE-2020-28334

nvd nist
Published: Nov 24, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell.

Affected (4)

Barco
1 product
Wepresent Wipg 1600w Firmware
Configuration A
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Barco
Wepresent Wipg 1600w Firmware
Version 2.4.1.19
Wepresent Wipg 1600w Firmware
Version 2.5.0.24
Wepresent Wipg 1600w Firmware
Version 2.5.0.25
Wepresent Wipg 1600w Firmware
Version 2.5.1.8
Running on/withPlatform Versions
Barco
Wepresent Wipg 1600w
All versions

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.