wePresent WiPG-1000P

CVEs (8)

CVE	Vendor / Product	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2019-3929	Crestron AM-100	0.23	—	0.94	KEV	Apr 30, 2019	The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…
CVE-2020-28334	Barco wePresent WiPG-1000P	0.01	—	0.16		Nov 24, 2020	Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329,…
CVE-2019-3930	Crestron AM-100	0.01	—	0.09		Apr 30, 2019	The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…
CVE-2020-28329	Barco wePresent WiPG-1000P	0.00	—	0.01		Nov 24, 2020	Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8,…
CVE-2020-28332	Barco wePresent WiPG-1000P	0.00	—	0.00		Nov 24, 2020	Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing…
CVE-2020-28330	Barco wePresent WiPG-1000P	0.00	—	0.00		Nov 24, 2020	Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web…
CVE-2020-28333	Barco wePresent WiPG-1000P	0.00	—	0.01		Nov 24, 2020	Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end…
CVE-2020-28331	Barco wePresent WiPG-1000P	0.00	—	0.01		Nov 24, 2020	Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system…

CVE-2019-3929KEVApr 30, 2019
Crestron
AM-100
risk 0.23cvss —epss 0.94
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…
CVE-2020-28334Nov 24, 2020
Barco
wePresent WiPG-1000P
risk 0.01cvss —epss 0.16
Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329,…
CVE-2019-3930Apr 30, 2019
Crestron
AM-100
risk 0.01cvss —epss 0.09
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…
CVE-2020-28329Nov 24, 2020
Barco
wePresent WiPG-1000P
risk 0.00cvss —epss 0.01
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8,…
CVE-2020-28332Nov 24, 2020
Barco
wePresent WiPG-1000P
risk 0.00cvss —epss 0.00
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing…
CVE-2020-28330Nov 24, 2020
Barco
wePresent WiPG-1000P
risk 0.00cvss —epss 0.00
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web…
CVE-2020-28333Nov 24, 2020
Barco
wePresent WiPG-1000P
risk 0.00cvss —epss 0.01
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end…
CVE-2020-28331Nov 24, 2020
Barco
wePresent WiPG-1000P
risk 0.00cvss —epss 0.01
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system…