Search criteria
1 vulnerability found for wipg-1500 by wepresent
VAR-201703-1065
Vulnerability from variot - Updated: 2025-04-20 23:20The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885. WePresent WiPG-1500 is a gateway newly launched by AWIND. WiPG-1500 connects to multi-platform devices (Windows/Mac/Pad/Smartphone/AirPad) and supports interactive presentations by supporting finger touch technology and virtual whiteboard.
WePresent WiPG-1500 has a backdoor vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the device. wePresent WiPG-1500 is a wireless projection device produced by Australia wePresentWiPG company for multimedia interactive teaching, large conferences, etc. A security vulnerability exists in wePresent WiPG-1500 devices using firmware version 1.0.3.7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-1065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wipg-1500",
"scope": "eq",
"trust": 2.5,
"vendor": "wepresent",
"version": "1.0.3.7"
},
{
"model": "wepresent wipg-1500",
"scope": null,
"trust": 0.8,
"vendor": "wp",
"version": null
},
{
"model": "wepresent wipg-1500",
"scope": "eq",
"trust": 0.8,
"vendor": "wp",
"version": "1.0.3.7"
},
{
"model": "wipg-1500",
"scope": null,
"trust": 0.6,
"vendor": "wepresent",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"db": "BID",
"id": "96588"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-893"
},
{
"db": "NVD",
"id": "CVE-2017-6351"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:wepresent:wipg-1500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wepresent:wipg-1500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown.",
"sources": [
{
"db": "BID",
"id": "96588"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6351",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-6351",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-02737",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-114554",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-6351",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6351",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6351",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-02737",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-893",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114554",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"db": "VULHUB",
"id": "VHN-114554"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-893"
},
{
"db": "NVD",
"id": "CVE-2017-6351"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the \u0027abarco\u0027 hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885. WePresent WiPG-1500 is a gateway newly launched by AWIND. WiPG-1500 connects to multi-platform devices (Windows/Mac/Pad/Smartphone/AirPad) and supports interactive presentations by supporting finger touch technology and virtual whiteboard. \r\n\r\n\r\nWePresent WiPG-1500 has a backdoor vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the device. wePresent WiPG-1500 is a wireless projection device produced by Australia wePresentWiPG company for multimedia interactive teaching, large conferences, etc. A security vulnerability exists in wePresent WiPG-1500 devices using firmware version 1.0.3.7",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"db": "BID",
"id": "96588"
},
{
"db": "VULHUB",
"id": "VHN-114554"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-114554",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114554"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6351",
"trust": 3.4
},
{
"db": "BID",
"id": "96588",
"trust": 2.2
},
{
"db": "EXPLOIT-DB",
"id": "41480",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002196",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-893",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "41480",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-02737",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141391",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-114554",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"db": "VULHUB",
"id": "VHN-114554"
},
{
"db": "BID",
"id": "96588"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-893"
},
{
"db": "NVD",
"id": "CVE-2017-6351"
}
]
},
"id": "VAR-201703-1065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"db": "VULHUB",
"id": "VHN-114554"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02737"
}
]
},
"last_update_date": "2025-04-20T23:20:03.721000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.wepresentwifi.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114554"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"db": "NVD",
"id": "CVE-2017-6351"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.wepresentwifi.com/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/41480/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96588"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6351"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6351"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/96588/info"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"db": "VULHUB",
"id": "VHN-114554"
},
{
"db": "BID",
"id": "96588"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-893"
},
{
"db": "NVD",
"id": "CVE-2017-6351"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"db": "VULHUB",
"id": "VHN-114554"
},
{
"db": "BID",
"id": "96588"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-893"
},
{
"db": "NVD",
"id": "CVE-2017-6351"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"date": "2017-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-114554"
},
{
"date": "2017-03-05T00:00:00",
"db": "BID",
"id": "96588"
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-893"
},
{
"date": "2017-03-06T02:59:00.463000",
"db": "NVD",
"id": "CVE-2017-6351"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02737"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-114554"
},
{
"date": "2017-03-07T00:15:00",
"db": "BID",
"id": "96588"
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002196"
},
{
"date": "2017-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-893"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6351"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-893"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WePresent WiPG-1500 Device firmware vulnerability with device hard-coded account login",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002196"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-893"
}
],
"trust": 0.6
}
}