PT-2017-17016 · Wepresent · Wepresent Wipg-1500

Quentin Olagne · Published 2017-03-06 · Updated 2017-09-01 · CVE-2017-6351

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WePresent WiPG-1500 version 1.0.3.7

Description

The issue concerns a hardcoded username and password for a manufacturer account. When the device is set to DEBUG mode, an attacker can use the telnet protocol to connect to the device and log in with the hardcoded abarco account credentials. This account and the DEBUG feature are not documented, and the use of telnetd on port tcp/5885 is also undisclosed.

Recommendations

For WePresent WiPG-1500 version 1.0.3.7, as a temporary workaround, consider disabling the DEBUG mode to prevent unauthorized access until a patch is available. Restrict access to port tcp/5885 to minimize the risk of exploitation. Avoid using the hardcoded abarco account credentials in the affected device configuration until the issue is resolved.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related identifiers

CVE-2017-6351

Affected products

Wepresent Wipg-1500