PT-2020-16980 · Barco · Barco Wepresent Wipg-1600W

Jim Becher +1 · Published 2020-11-24 · Updated 2021-07-21 · CVE-2020-28333

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Barco wePresent WiPG-1600W version 2.5.1.8

Description

The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions, instead using a SEID token appended to URLs in GET requests. This SEID token can be exposed in web proxy logs and browser history. An attacker who captures the SEID and originates requests from the same IP address can access the device's user interface without knowing the credentials.

Recommendations

For version 2.5.1.8, as a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the SEID token in GET requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-28333

Affected Products

Barco Wepresent Wipg-1600W