CVE-2017-6351

HIGH

Wepresent Wipg-1500 Firmware - Hard-coded Credentials

Title source: rule

Description

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.

Exploits (1)

exploitdb WRITEUP

by Quentin Olagne · textremotehardware

https://www.exploit-db.com/exploits/41480

View Code ZIP pw:eip

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

http://www.wepresentwifi.com/

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41480/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96588

Scores

CVSS v3 8.1

EPSS 0.0898

EPSS Percentile 92.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

wepresent/wipg-1500_firmware 1.0.3.7

Published Mar 06, 2017

Tracked Since Feb 18, 2026