VYPR

ClickShare Button

by Barco

CVEs (11)

  • CVE-2018-10943HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.

  • CVE-2017-12460MedOct 30, 2017
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a…

  • CVE-2019-18833Dec 17, 2019
    risk 0.00cvss epss 0.00

    Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a…

  • CVE-2019-18832Dec 17, 2019
    risk 0.00cvss epss 0.00

    Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01.

  • CVE-2019-18829Dec 17, 2019
    risk 0.00cvss epss 0.00

    Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity.

  • CVE-2019-18824Dec 17, 2019
    risk 0.00cvss epss 0.00

    Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition before being used.

  • CVE-2019-18831Dec 16, 2019
    risk 0.00cvss epss 0.01

    Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate.

  • CVE-2019-18830Dec 16, 2019
    risk 0.00cvss epss 0.04

    Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could…

  • CVE-2019-18828Dec 16, 2019
    risk 0.00cvss epss 0.00

    Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak…

  • CVE-2019-18827Dec 16, 2019
    risk 0.00cvss epss 0.01

    On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware.

  • CVE-2019-18826Dec 16, 2019
    risk 0.00cvss epss 0.01

    Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate…