Описание
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.4.1.19:*:*:*:*:*:*:*
cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.0.24:*:*:*:*:*:*:*
cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.0.25:*:*:*:*:*:*:*
cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.1.8:*:*:*:*:*:*:*
cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00706
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-798
Связанные уязвимости
github
больше 3 лет назад
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.
EPSS
Процентиль: 72%
0.00706
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-798