Podatność CVE-2020-28331


Publikacja: 2020-11-24

Opis:
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
Barco wePresent Global Hardcoded Root SSH Password
Jim Becher
21.11.2020
Med.
Barco wePresent Undocumented SSH Interface
Jim Becher
21.11.2020
Med.
Barco wePresent Insecure Firmware Image
Matthew Bergin
21.11.2020

Typ:

CWE-798

 Referencje:
http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.html
https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt

Copyright 2024, cxsecurity.com

 

Back to Top