Quentin Olagne

**Name of the Vulnerable Software and Affected Versions** WePresent WiPG-1500 version 1.0.3.7 **Description** The issue concerns a hardcoded username and password for a manufacturer account. When the device is set to DEBUG mode, an attacker can use the telnet protocol to connect to the device and log in with the hardcoded `abarco` account credentials. This account and the DEBUG feature are not documented, and the use of telnetd on port tcp/5885 is also undisclosed. **Recommendations** For WePresent WiPG-1500 version 1.0.3.7, as a temporary workaround, consider disabling the DEBUG mode to prevent unauthorized access until a patch is available. Restrict access to port tcp/5885 to minimize the risk of exploitation. Avoid using the hardcoded `abarco` account credentials in the affected device configuration until the issue is resolved.