Barco ClickShare CSE-200 Firmware 1.6.0.3

CPE Details

Barco ClickShare CSE-200 Firmware 1.6.0.3
1.6.0.3
2020-01-13 15:01 +00:00
2020-01-13 15:01 +00:00

CPE Name: cpe:2.3:o:barco:clickshare_cse-200_firmware:1.6.0.3:*:*:*:*:*:*:*

Information

Vendor: barco
Product: clickshare_cse-200_firmware
Version: 1.6.0.3

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2019-18825 | 2019-12-17 12:49 +00:00 | Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200. | 7.5 | HIGH |
| CVE-2019-18831 | 2019-12-16 15:21 +00:00 | Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. | 5.3 | MEDIUM |
| CVE-2019-18830 | 2019-12-16 15:19 +00:00 | Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. | 9.8 | CRITICAL |
| CVE-2019-18828 | 2019-12-16 15:17 +00:00 | Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. | 6.8 | MEDIUM |
| CVE-2019-18827 | 2019-12-16 15:15 +00:00 | On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware. | 5.9 | MEDIUM |
| CVE-2019-18826 | 2019-12-16 15:13 +00:00 | Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain. | 9.8 | CRITICAL |
| CVE-2016-3150 | 2017-01-12 22:00 +00:00 | Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 | MEDIUM |