CVE-2019-18828
MEDIUM
Barco ClickShare Button R9861500D01 <1.9.0 - Privilege Escalation
Title source: llm
Description
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.
References (6)
Core References
Product x_refsource_misc
https://www.barco.com/en/clickshare/firmware-update
Third Party Advisory x_refsource_misc
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
Product, Vendor Advisory x_refsource_misc
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
Product, Vendor Advisory x_refsource_misc
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
Product, Vendor Advisory x_refsource_misc
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
Product, Vendor Advisory x_refsource_misc
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
Scores
CVSS v3
6.8
EPSS
0.0038
EPSS Percentile
29.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-521
Status
published
Products (4)
barco/clickshare_cs-100_firmware
< 1.9.0
barco/clickshare_cse-200\+_firmware
< 1.9.0
barco/clickshare_cse-200_firmware
< 1.9.0
barco/clickshare_cse-800_firmware
< 1.9.0
Published
Dec 16, 2019
Tracked Since
Feb 18, 2026