PT-2020-16977 · Barco · Barco Wepresent Wipg-1600W

Published

2020-11-24

Updated

2020-12-03

CVE-2020-28330

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Barco wePresent WiPG-1600W version 2.5.1.8

Description The issue concerns unprotected transport of credentials. An attacker can exploit this to issue an authenticated query and display the admin password for the main web user interface, which listens on port 443/tcp.

Recommendations For version 2.5.1.8, as a temporary workaround, consider restricting access to the admin interface until a patch is available.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2020-28330

Affected Products

Barco Wepresent Wipg-1600W

PT-2020-16977 · Barco · Barco Wepresent Wipg-1600W

CVE-2020-28330

Weakness Enumeration

Related Identifiers

Affected Products

References · 9