PT-2019-4694 · Barco+1 · Barco Clickshare Cs-100+4
Published: 2019-12-16 · Updated: 2020-08-24
CVE-2019-18828
CVSS v2.0: 7.2 (High)
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Barco ClickShare CS-100 versions not specified
Barco ClickShare CSE-200 versions not specified
Barco ClickShare CSE-200+ versions not specified
Barco ClickShare CSE-800 versions not specified
Barco ClickShare Button R9861500D01 devices versions prior to 1.9.0
Description
The issue is related to insufficient protection of credentials in the software of wireless systems. Exploitation of this issue may allow an attacker to elevate their privileges. The root account of the embedded Linux on the ClickShare Button, which is present for access via debug interfaces, uses a weak password. These interfaces are not enabled by default on production devices.
Recommendations
For Barco ClickShare CS-100, update to a version that addresses the issue, if available.
For Barco ClickShare CSE-200, update to a version that addresses the issue, if available.
For Barco ClickShare CSE-200+, update to a version that addresses the issue, if available.
For Barco ClickShare CSE-800, update to a version that addresses the issue, if available.
For Barco ClickShare Button R9861500D01 devices, update to version 1.9.0 or later.
As a temporary workaround, consider disabling access to debug interfaces until a patch is available.
Fix
Insufficiently Protected Credentials
Related identifiers
Affected products
Barco Clickshare Button R9861500D01
Barco Clickshare Cs-100
Barco Clickshare Cse-200
Barco Clickshare Cse-800
Linux