Barco
Products
14- 11 CVEs
- 8 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3152 | Cri | 0.64 | 9.8 | 0.03 | Jan 12, 2017 | Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. | ||
| CVE-2016-3149 | Cri | 0.64 | 9.8 | 0.08 | Jan 12, 2017 | Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2017-9377 | Hig | 0.58 | 8.8 | 0.04 | Oct 30, 2017 | A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device. | ||
| CVE-2024-53919 | Hig | 0.49 | 7.6 | 0.00 | Dec 10, 2024 | An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root. | ||
| CVE-2018-10943 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2018 | An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit. | ||
| CVE-2016-3151 | Hig | 0.49 | 7.5 | 0.04 | Jan 12, 2017 | Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow… | ||
| CVE-2016-3150 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2017 | Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary… | ||
| CVE-2017-12460 | Med | 0.35 | 5.4 | 0.01 | Oct 30, 2017 | An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a… | ||
| CVE-2019-3929 | 0.23 | — | 0.99 | KEV | Apr 30, 2019 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware… | ||
| CVE-2022-26233 | 0.06 | — | 0.15 | Apr 3, 2022 | Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. | |||
| CVE-2020-28334 | 0.01 | — | 0.05 | Nov 24, 2020 | Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329,… | |||
| CVE-2019-3930 | 0.01 | — | 0.07 | Apr 30, 2019 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware… | |||
| CVE-2022-26978 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS. | |||
| CVE-2022-26977 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS. | |||
| CVE-2022-26976 | 0.00 | — | 0.00 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS. | |||
| CVE-2022-26975 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. | |||
| CVE-2022-26974 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | |||
| CVE-2022-26973 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | |||
| CVE-2022-26972 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | |||
| CVE-2022-26971 | 0.00 | — | 0.01 | Jun 1, 2022 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. |
- risk 0.64cvss 9.8epss 0.03
Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image.
- risk 0.64cvss 9.8epss 0.08
Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.58cvss 8.8epss 0.04
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.
- risk 0.49cvss 7.6epss 0.00
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.
- risk 0.49cvss 7.5epss 0.04
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary…
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a…
- risk 0.23cvss —epss 0.99
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…
- CVE-2022-26233Apr 3, 2022risk 0.06cvss —epss 0.15
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
- CVE-2020-28334Nov 24, 2020risk 0.01cvss —epss 0.05
Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329,…
- CVE-2019-3930Apr 30, 2019risk 0.01cvss —epss 0.07
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…
- CVE-2022-26978Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.
- CVE-2022-26977Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS.
- CVE-2022-26976Jun 1, 2022risk 0.00cvss —epss 0.00
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.
- CVE-2022-26975Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.
- CVE-2022-26974Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
- CVE-2022-26973Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.
- CVE-2022-26972Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.
- CVE-2022-26971Jun 1, 2022risk 0.00cvss —epss 0.01
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.