CVE-2017-6351
Last modified
CVE-2017-6351 is a vulnerability of currently unknown severity. The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. EPSS estimates a 7.12% chance of exploitation in the next 30 days.
Description
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wepresent | Wipg-1500 Firmware | 1.0.3.7 |
References
- http://www.securityfocus.com/bid/96588Third Party Advisory, VDB Entry
- http://www.wepresentwifi.com/Vendor Advisory
- http://www.securityfocus.com/bid/96588Third Party Advisory, VDB Entry
- http://www.wepresentwifi.com/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-6351?
How severe is CVE-2017-6351?
How do I fix CVE-2017-6351?
Are you affected by CVE-2017-6351?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST