Barco wePresent Hardcoded API Credentials
Posted by deepcore on November 21, 2020 – 9:35 pm
Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19.
Post a reply
You must be logged in to post a comment.