CVE-2020-28334
Severity CVSS v4.0: Pending analysis
Type: CWE-798 (Use of Hard-coded Credentials)
Publication date: 24/11/2020
Last modified: 03/12/2020
Description
Barco wePresent WiPG-1600W devices use hard-coded credentials (issue 2 of 2). Affected versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The firmware image for the Barco wePresent WiPG-1600W includes a hard-coded root password hash. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially form a simple, automated exploit chain that goes from unauthenticated remote attacker to root shell.
Impact
Base Score 3.x: 9.80
Severity 3.x: CRITICAL
Base Score 2.0: 10.00
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.4.1.19:*:*:*:*:*:*:* | | |
| cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.0.24:*:*:*:*:*:*:* | | |
| cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.0.25:*:*:*:*:*:*:* | | |
| cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.1.8:*:*:*:*:*:*:* | | |
| cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:* | | |