CVE-2017-6351

HIGH

WePresent WiPG-1500 Firmware 1.0.3.7 - Use of Hard-coded Credentials via Telnet Debug Mode

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6351. PoCs published by Quentin Olagne.

AI-analyzed exploit summary This writeup describes an undocumented manufacturer backdoor account ('abarco') in WePresent WiPG-1500 devices, accessible via telnet on port 5885 when DEBUG mode is enabled. The vulnerability allows unauthorized access due to hardcoded credentials.

Description

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.

Exploits (1)

exploitdb WRITEUP

by Quentin Olagne · textremotehardware

https://www.exploit-db.com/exploits/41480

View Code ZIP pw:eip

This writeup describes an undocumented manufacturer backdoor account ('abarco') in WePresent WiPG-1500 devices, accessible via telnet on port 5885 when DEBUG mode is enabled. The vulnerability allows unauthorized access due to hardcoded credentials.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: WePresent WiPG-1500 (all versions up to firmware 1.0.3.7)

No auth needed

Prerequisites: DEBUG mode enabled on the device · Network access to the device

MITRE ATT&CK

T1078 - Valid Accounts T1021 - Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

http://www.wepresentwifi.com/

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41480/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96588

Scores

CVSS v3 8.1

EPSS 0.0712

EPSS Percentile 93.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

wepresent/wipg-1500_firmware 1.0.3.7

Published Mar 06, 2017

Tracked Since Feb 18, 2026