CVE-2020-28333
Description
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Barco wePresent WiPG-1600W tracks sessions with a SEID token in URLs instead of session cookies, so an attacker who captures a token and sends requests from the same IP address can bypass authentication.
Vulnerability
The Barco wePresent WiPG-1600W (firmware version 2.5.1.8) uses a "SEID" token appended to URLs in GET requests (and in POST bodies) to track authenticated sessions, rather than using session cookies. This exposes the SEID in web proxy logs, browser history, and other network traces. The web interface on the device does not enforce proper session management, allowing an attacker who captures a valid SEID to access protected pages and make configuration changes without authentication [1][2].
Exploitation
An attacker must capture a valid SEID token (e.g., from a proxy log, browser history, or man-in-the-middle position) and originate requests from the same IP address as the original session (e.g., via a NAT device or web proxy spoofing). With the SEID, the attacker can directly access URLs (e.g., https://device/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&SEID) or make POST requests with the SEID in the body to perform administrative actions [1].
Impact
Successful exploitation grants the attacker full access to the device's web interface without knowing the credentials. This includes the ability to view and modify configuration settings, potentially compromising the device's operation, network segmentation, or leading to further attacks against connected systems. The attacker does not gain complete system control beyond the web interface but can alter device behavior [1].
Mitigation
As of the advisory publication date (2020-11-20), no patch or firmware update has been released by Barco to address this issue. The vendor has not responded to disclosures, and no workaround is provided in the available references. Users are advised to restrict network access to the device, monitor for unusual SEID usage, and consider network segmentation or proxy blocking where feasible [1][2].
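The monitoring suggested above can be run on the upstream proxy's access log. This added example (not from the advisory or from Barco) flags a SEID value used by more than one internal client and keeps the token itself out of the alert. The log format, the host `wipg.example`, the token values and the `SEID=<value>` parameter form are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: the token appears as "SEID=<value>" in the query string; adjust
# the pattern to whatever your device actually emits.
SEID_RE = re.compile(r"([?&]SEID=)([A-Za-z0-9]+)")
# Constructed proxy log format: time, client IP, "user agent", "METHOD URL"
LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" "(\S+) (\S+)"$')

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = """\
2020-11-20T09:00:01Z 10.0.0.5 "Mozilla/5.0 (Windows NT 10.0)" "GET https://wipg.example/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&SEID=AAAA1111"
2020-11-20T09:00:09Z 10.0.0.5 "Mozilla/5.0 (Windows NT 10.0)" "GET https://wipg.example/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&SEID=AAAA1111"
2020-11-20T09:04:30Z 10.0.0.9 "curl/7.68.0" "GET https://wipg.example/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&SEID=AAAA1111"
2020-11-20T09:10:00Z 10.0.0.7 "Mozilla/5.0 (X11; Linux x86_64)" "GET https://wipg.example/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&SEID=BBBB2222"
"""

def redact(url):
    """Replace the token value so it is not copied into alerts or tickets."""
    return SEID_RE.sub(r"\1[REDACTED]", url)

def find_shared_tokens(log_text):
    """Return {token: sorted client identities} for tokens used by >1 client."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        _, client_ip, agent, _, url = m.groups()
        for _, token in SEID_RE.findall(url):
            seen[token].add((client_ip, agent))
    return {t: sorted(c) for t, c in seen.items() if len(c) > 1}

def report(log_text):
    """Build alert lines that name the clients but never the token itself."""
    alerts = []
    shared = sorted(find_shared_tokens(log_text).items())
    for n, (_, clients) in enumerate(shared, 1):
        who = "; ".join(f"{ip} [{ua}]" for ip, ua in clients)
        alerts.append(f"shared session token #{n}: {len(clients)} clients: {who}")
    return alerts

if __name__ == "__main__":
    for alert in report(SAMPLE_LOG):
        print(alert)
```

Because the device sees only the NAT or proxy address, the distinction between internal clients is visible only in logs taken upstream of that translation.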
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Barco/wePresent WiPG-1600W
- Range: =2.5.1.8
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html (mitre, x_refsource_MISC)
- korelogic.com/Resources/Advisories/KL-001-2020-006.txt (mitre, x_refsource_MISC)