Authentication Bypass Vulnerability in Barco wePresent WiPG-1600W Devices
CVE-2020-28333
9.8 CRITICAL
What is CVE-2020-28333?
Barco wePresent WiPG-1600W devices are affected by a vulnerability that allows attackers to bypass authentication. The issue arises because the 'SEID' token is included in URLs instead of being carried in secure session cookies. As a result, the 'SEID' may be exposed in web proxy logs and browser histories. An attacker monitoring these logs can capture the token and send requests from the same IP address, gaining unauthorized access to the device's user interface without requiring user credentials.
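Because the exposure happens in logs, a defender can check proxy logs for it directly. The Python code below is an added example, not part of the advisory or any Barco tooling: it redacts SEID values from log lines and lists which client and device host pairs exposed one. It assumes the token appears as a URL parameter named SEID and that each log line has the form `client method URL`; the sample lines, host names and paths are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: the token is a URL parameter named SEID (matched case-insensitively).
SEID_RE = re.compile(r'([?&;]SEID=)([^&\s"#]+)', re.IGNORECASE)

# Constructed sample proxy log lines: client IP, method, URL. Not real device traffic.
SAMPLE_LOG = """\
10.0.0.5 GET http://wipg.example.internal/placeholder/path?lang=en&SEID=AbC123xyz
10.0.0.5 GET http://wipg.example.internal/placeholder/logo.png
10.0.0.9 GET http://intranet.example.internal/search?q=seid
10.0.0.7 GET http://wipg2.example.internal/placeholder/path?SEID=ZZtop99&page=1
"""


def scrub_line(line):
    """Return (line with SEID values redacted, number of values redacted)."""
    return SEID_RE.subn(lambda m: m.group(1) + "[REDACTED]", line)


def scan(log_text):
    """Redact every SEID value and collect the (client, device host) pairs
    whose requests wrote a token into the log."""
    redacted, exposures = [], set()
    for line in log_text.splitlines():
        clean, count = scrub_line(line)
        redacted.append(clean)
        if count:
            client, _method, url = line.split(None, 2)
            exposures.add((client, urlsplit(url).hostname))
    return "\n".join(redacted), sorted(exposures)


if __name__ == "__main__":
    clean_log, exposed = scan(SAMPLE_LOG)
    print(clean_log)
    for client, host in exposed:
        print(f"SEID logged: client={client} device={host}")
```

The redacted output is what should be retained or forwarded; the exposure list identifies the devices whose logged sessions should be treated as compromised.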