CVE-2020-28330
MEDIUMBarco wePresent WiPG-1600W Firmware 2.5.1.8 - Unprotected Transport of Credentials
Title source: llmDescription
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt
Scores
CVSS v3
6.5
EPSS
0.0115
EPSS Percentile
62.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (1)
barco/wepresent_wipg-1600w_firmware
2.5.1.8
Published
Nov 24, 2020
Tracked Since
Feb 18, 2026