Authentication Bypass Vulnerability in Barco wePresent WiPG-1600W Devices
CVE-2020-28333

9.8CRITICAL

Key Information:

Vendor

Barco

Status
Wepresent Wipg-1600w Firmware
Vendor
CVE Published:
24 November 2020

What is CVE-2020-28333?

Barco wePresent WiPG-1600W devices present a security risk due to a vulnerability that allows attackers to bypass authentication. This issue arises from the use of a 'SEID' token, which is included in URLs instead of utilizing secure session cookies. As a result, the 'SEID' may be exposed in web proxy logs and browser histories. An attacker monitoring these logs can capture the token and send requests from the same IP address, gaining unauthorized access to the device's user interface without requiring user credentials.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/160161/Barco-wePrese...
x_refsource_MISC
https://korelogic.com/Resources/Advisories/KL-001-2020-00...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.