Barco wePresent WiPG-1600W firmware vulnerabilities
8 known vulnerabilities affecting barco/wepresent_wipg-1600w_firmware.
Total CVEs: 8
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2019-3929 | P1 | CRITICAL | CVSS 9.8 | CWE-79 | KEV | PoC | fixed in 2.4.1.19 | 2019-04-30
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, I
nvd
CVE-2019-3930 | P2 | CRITICAL | CVSS 9.8 | CWE-121 | fixed in 2.4.1.19 | 2019-04-30
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5,
nvd
CVE-2020-28334 | P2 | CRITICAL | CVSS 9.8 | v2.4.1.19, v2.5.0.24 +2 more | 2020-11-24
Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated e
nvd
CVE-2020-28333 | P2 | CRITICAL | CVSS 9.8 | CWE-200 | v2.5.1.8 | 2020-11-24
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web prox
nvd
CVE-2020-28329 | P2 | CRITICAL | CVSS 9.8 | CWE-798 | v2.4.1.19, v2.5.0.24 +2 more | 2020-11-24
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.
nvd
CVE-2020-28332 | P3 | CRITICAL | CVSS 9.8 | CWE-494 | v2.5.1.8 | 2020-11-24
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.
nvd
CVE-2020-28331 | P3 | HIGH | CVSS 7.5 | v2.5.1.8 | 2020-11-24
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon sho
nvd
CVE-2020-28330 | P3 | MEDIUM | CVSS 6.5 | v2.5.1.8 | 2020-11-24
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.
nvd