Jimbecher

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue in the Web Application of the CommScope Ruckus IoT Controller allows authenticated users to perform arbitrary read/write actions. The API endpoint allows an HTTP POST request to write arbitrary content into any file on the filesystem with root privileges. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider restricting access to the API endpoint that allows arbitrary file writes until a patch is available. As a temporary workaround, limit the privileges of authenticated users to prevent them from performing arbitrary read/write actions on the filesystem.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered that involves Unauthenticated API Endpoints. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider restricting access to the API endpoints as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered where hard-coded API keys exist. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, update to a version that addresses the issue of hard-coded API keys.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered where hard-coded web application administrator passwords exist for the `admin` and `nplus1user` accounts. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider changing the hard-coded passwords for the `admin` and `nplus1user` accounts to unique, strong passwords as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered that allows Directory Traversal through the API. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, update to a version later than 1.7.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered that involves hard-coded system passwords, which provide shell access. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider changing the hard-coded system passwords to unique, strong passwords to prevent unauthorized shell access. As a temporary workaround, restrict access to the shell to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue exists in the CommScope Ruckus IoT Controller, where an undocumented backdoor allows shell access via a developer account. This backdoor enables unauthorized access, potentially leading to further exploitation. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, as a temporary workaround, consider disabling developer account access until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Barco wePresent WiPG-1600W versions 2.4.1.19, 2.5.0.24, 2.5.0.25, 2.5.1.8 **Description** The firmware of the Barco wePresent WiPG-1600W includes a hardcoded API account and password that can be discovered by inspecting the firmware image. This allows a malicious actor to use the password to access authenticated, administrative functions in the API. **Recommendations** For version 2.4.1.19, update to a version that does not include the hardcoded API account and password. For version 2.5.0.24, update to a version that does not include the hardcoded API account and password. For version 2.5.0.25, update to a version that does not include the hardcoded API account and password. For version 2.5.1.8, update to a version that does not include the hardcoded API account and password. As a temporary workaround, consider restricting access to the administrative API functions until a patch is available.

🚨 CVE-2020-28334 Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. 🎖@cveNotify

**Name of the Vulnerable Software and Affected Versions** Barco wePresent WiPG-1600W version 2.5.1.8 **Description** The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions, instead using a `SEID` token appended to URLs in GET requests. This `SEID` token can be exposed in web proxy logs and browser history. An attacker who captures the `SEID` and originates requests from the same IP address can access the device's user interface without knowing the credentials. **Recommendations** For version 2.5.1.8, as a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the `SEID` token in GET requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Barco wePresent WiPG-1600W version 2.5.1.8 **Description** The issue concerns improper access control in the Barco wePresent WiPG-1600W device. The device includes an SSH daemon in its firmware image, which is disabled by default and does not start at system boot. However, a malicious actor can manipulate the device configuration by including a specific variable in a POST request, causing the SSH daemon to start when the device boots. This could potentially allow unauthorized access to the device. **Recommendations** For version 2.5.1.8, as a temporary workaround, consider disabling any functionality that could be used to start the SSH daemon until a patch is available. Restrict access to the device's configuration to minimize the risk of exploitation. Avoid using the web interface to alter the device configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.