CVE-2019-18828

EUVD-2019-8530
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
barcoclickshare_cs-100_firmware
𝑥
< 1.9.0
barcoclickshare_cse-200_firmware
𝑥
< 1.9.0
barcoclickshare_cse-200\+_firmware
𝑥
< 1.9.0
barcoclickshare_cse-800_firmware
𝑥
< 1.9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
https://www.barco.com/en/clickshare/firmware-update
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
https://www.barco.com/en/clickshare/firmware-update
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007