Vulnerabilities > Barco > Clickshare CSE 200 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-18825 Unspecified vulnerability in Barco products
Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management.
network
low complexity
barco
7.5
2019-12-16 CVE-2019-18831 Use of Hard-coded Credentials vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure.
network
high complexity
barco CWE-798
5.3
2019-12-16 CVE-2019-18830 OS Command Injection vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection.
network
low complexity
barco CWE-78
critical
9.8
2019-12-16 CVE-2019-18828 Weak Password Requirements vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials.
low complexity
barco CWE-521
6.8
2019-12-16 CVE-2019-18827 Improper Authorization vulnerability in Barco products
On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution.
network
high complexity
barco CWE-285
5.9
2019-12-16 CVE-2019-18826 Improper Certificate Validation vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust.
network
low complexity
barco CWE-295
critical
9.8
2018-07-10 CVE-2018-10943 Improper Input Validation vulnerability in Barco products
An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3.
network
low complexity
barco CWE-20
7.5
2017-01-12 CVE-2016-3151 Path Traversal vulnerability in Barco products
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors.
network
low complexity
barco CWE-22
7.5
2017-01-12 CVE-2016-3150 Cross-site Scripting vulnerability in Barco products
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
barco CWE-79
6.1