VYPR
Vendor: Barco

Products: 14
CVEs: 41
Across products: 53
Status: Private

Recent CVEs

  • CVE-2016-3152 | Critical | Jan 12, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image.

  • CVE-2016-3149 | Critical | Jan 12, 2017
    risk 0.64 | cvss 9.8 | epss 0.08

    Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2017-9377 | High | Oct 30, 2017
    risk 0.58 | cvss 8.8 | epss 0.04

    A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.

  • CVE-2024-53919 | High | Dec 10, 2024
    risk 0.49 | cvss 7.6 | epss 0.00

    An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.

  • CVE-2018-10943 | High | Jul 10, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.

  • CVE-2016-3151 | High | Jan 12, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow…

  • CVE-2016-3150 | Medium | Jan 12, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary…

  • CVE-2017-12460 | Medium | Oct 30, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a…

  • CVE-2019-3929 | KEV | Apr 30, 2019
    risk 0.23 | cvss | epss 0.99

    The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…

  • CVE-2022-26233 | Apr 3, 2022
    risk 0.06 | cvss | epss 0.15

    Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.

  • CVE-2020-28334 | Nov 24, 2020
    risk 0.01 | cvss | epss 0.05

    Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329,…

  • CVE-2019-3930 | Apr 30, 2019
    risk 0.01 | cvss | epss 0.07

    The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…

  • CVE-2022-26978 | Jun 1, 2022
    risk 0.00 | cvss | epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS.

  • CVE-2022-26977 | Jun 1, 2022
    risk 0.00 | cvss | epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS.

  • CVE-2022-26976 | Jun 1, 2022
    risk 0.00 | cvss | epss 0.00

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.

  • CVE-2022-26975 | Jun 1, 2022
    risk 0.00 | cvss | epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

  • CVE-2022-26974 | Jun 1, 2022
    risk 0.00 | cvss | epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.

  • CVE-2022-26973 | Jun 1, 2022
    risk 0.00 | cvss | epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.

  • CVE-2022-26972 | Jun 1, 2022
    risk 0.00 | cvss | epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.

  • CVE-2022-26971 | Jun 1, 2022
    risk 0.00 | cvss | epss 0.01

    Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.
