← Back to CVE List

CVE-2020-28331

Published: 2020-11-24T18:15Z
Last Modified: 2024-11-21T05:22Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt