CVE-2020-28331
Description
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Barco wePresent WiPG-1600W firmware 2.5.1.8 allows an attacker to enable the SSH daemon via a crafted POST request, bypassing access controls.
Vulnerability
The Barco wePresent WiPG-1600W device running firmware version 2.5.1.8 includes an SSH daemon (dropbear) that is disabled by default. The system initialization script (/etc/init.d/S41ssh) reads the configuration variable RD_DEBUG_MODE from the device configuration file (/etc/content/AwDefault.xml). The SSH daemon only starts if this variable is set to 1. The web interface does not provide a visible option to change this setting, but the configuration can be altered via a POST request without proper authentication [1].
Exploitation
An attacker with network access to the device's web interface can send a crafted POST request that includes the RD_DEBUG_MODE variable set to 1. This modifies the device configuration, causing the SSH daemon to start automatically on the next system boot. No authentication is required to perform this action, as the web interface does not enforce access controls on this configuration endpoint [1].
Impact
Successful exploitation enables the SSH daemon, granting an attacker remote command-line access to the device. This can lead to full compromise of the wePresent device, including access to sensitive data, modification of device settings, and potential use as a pivot point for further network attacks [1].
Mitigation
As of the advisory publication date (2020-11-20), no official firmware patch has been released by Barco. Workarounds include restricting network access to the web interface (e.g., via firewall rules or VLAN segmentation) and disabling the web interface if not required. Users should monitor vendor updates for a permanent fix [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Barco/wePresent WiPG-1600Wdescription
- Range: =2.5.1.8
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.htmlmitrex_refsource_MISC
- korelogic.com/Resources/Advisories/KL-001-2020-007.txtmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.