Insufficient Credential Protection in Barco ClickShare Button R9861500D01
CVE-2019-18828

6.8MEDIUM

Key Information:

Vendor

Barco

Status
Clickshare Cs-100 Firmware
Vendor
CVE Published:
16 December 2019

What is CVE-2019-18828?

The Barco ClickShare Button R9861500D01 is susceptible to vulnerabilities due to its use of weak passwords for the root account on its embedded Linux system. This weakness is particularly concerning as it involves insufficiently protected credentials that could potentially be exploited, although the debug interfaces providing access to these credentials are not enabled by default in production devices. Older versions prior to 1.9.0 are at risk, and users are encouraged to update their devices to mitigate this security flaw.

References

https://www.barco.com/en/clickshare/firmware-update
x_refsource_MISC
https://labs.f-secure.com/advisories/multiple-vulnerabili...
x_refsource_MISC
https://www.barco.com/en/support/software/R33050069?major...
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-18828 : Insufficient Credential Protection in Barco ClickShare Button R9861500D01