CVE-2020-28329

Name of the Vulnerable Software and Affected Versions Barco wePresent WiPG-1600W versions 2.4.1.19, 2.5.0.24, 2.5.0.25, 2.5.1.8

Description The firmware of the Barco wePresent WiPG-1600W includes a hardcoded API account and password that can be discovered by inspecting the firmware image. This allows a malicious actor to use the password to access authenticated, administrative functions in the API.

Recommendations For version 2.4.1.19, update to a version that does not include the hardcoded API account and password. For version 2.5.0.24, update to a version that does not include the hardcoded API account and password. For version 2.5.0.25, update to a version that does not include the hardcoded API account and password. For version 2.5.1.8, update to a version that does not include the hardcoded API account and password. As a temporary workaround, consider restricting access to the administrative API functions until a patch is available.