Vulnerabilities > Barco > Clickshare CSE 200 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-18825 Unspecified vulnerability in Barco products
Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management.
network
low complexity
barco
5.0
2019-12-16 CVE-2019-18831 Use of Hard-coded Credentials vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure.
network
barco CWE-798
3.5
2019-12-16 CVE-2019-18830 OS Command Injection vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection.
network
low complexity
barco CWE-78
critical
10.0
2019-12-16 CVE-2019-18828 Weak Password Requirements vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials.
local
low complexity
barco CWE-521
7.2
2019-12-16 CVE-2019-18827 Improper Input Validation vulnerability in Barco products
On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution.
network
barco CWE-20
4.3
2019-12-16 CVE-2019-18826 Improper Certificate Validation vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust.
network
low complexity
barco CWE-295
7.5
2018-07-10 CVE-2018-10943 Improper Input Validation vulnerability in Barco products
An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3.
network
low complexity
barco CWE-20
7.8
2017-01-12 CVE-2016-3151 Path Traversal vulnerability in Barco products
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors.
network
low complexity
barco CWE-22
5.0
2017-01-12 CVE-2016-3150 Cross-site Scripting vulnerability in Barco products
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
barco CWE-79
4.3