CVE-2020-28330

MEDIUM

Barco Wepresent Wipg-1600w Firmware - Insufficiently Protected Cred...

Title source: rule

Description

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.

References (1)

[Exploit, Third Party Advisory] https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt

Scores

CVSS v3 6.5

EPSS 0.0037

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

barco/wepresent_wipg-1600w_firmware

Timeline

Published Nov 24, 2020

Tracked Since Feb 18, 2026