Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.html | Third Party Advisory VDB Entry |
https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-24T17:38:53
Updated: 2020-11-24T17:40:09
Reserved: 2020-11-06T00:00:00
Link: CVE-2020-28331
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-24T18:15:12.127
Modified: 2022-07-12T17:42:04.277
Link: CVE-2020-28331
JSON object: View
Redhat Information
No data.
CWE