VAR-201701-0402
Vulnerability from variot - Updated: 2025-04-20 23:13

Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Barco ClickShare is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

A remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks.

Versions prior to Barco ClickShare 01.09.03, 01.06.02 and 01.03.02 are vulnerable. Barco ClickShare CSC-1 is a wireless presentation system from Barco, Belgium. Base Unit is one of the basic integration kits. The following devices are affected: Barco ClickShare CSC-1 devices with firmware prior to 01.09.03; CSM-1 devices with firmware prior to 01.06.02; CSE-200 devices with firmware prior to 01.03.02.

A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system.

CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update
Affected versions: all versions prior to v01.09.03 (CSC-1)
It is possible to download and extract the firmware image of the CSC-1 and obtain the root password.
The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance.
References:
http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009
http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113
https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008
--
Regards,
Vincent Ruijter
Ethical Hacker
Chief Information Security Office
KPN B.V
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0402",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clickshare csc-1",
"scope": "lte",
"trust": 1.0,
"vendor": "barco",
"version": "01.09.05.02"
},
{
"model": "clickshare cse-200",
"scope": "lte",
"trust": 1.0,
"vendor": "barco",
"version": "01.09.02.05"
},
{
"model": "clickshare csc-1",
"scope": null,
"trust": 0.8,
"vendor": "barco",
"version": null
},
{
"model": "clickshare csc-1",
"scope": "lt",
"trust": 0.8,
"vendor": "barco",
"version": "01.09.03"
},
{
"model": "clickshare cse-200",
"scope": null,
"trust": 0.8,
"vendor": "barco",
"version": null
},
{
"model": "clickshare cse-200",
"scope": "lt",
"trust": 0.8,
"vendor": "barco",
"version": "01.03.02"
},
{
"model": "clickshare csm-1",
"scope": null,
"trust": 0.8,
"vendor": "barco",
"version": null
},
{
"model": "clickshare csm-1",
"scope": "lt",
"trust": 0.8,
"vendor": "barco",
"version": "01.06.02"
},
{
"model": "clickshare csc-1",
"scope": "eq",
"trust": 0.6,
"vendor": "barco",
"version": "01.09.05.02"
},
{
"model": "clickshare cse-200",
"scope": "eq",
"trust": 0.6,
"vendor": "barco",
"version": "01.09.02.05"
},
{
"model": "clickshare",
"scope": "eq",
"trust": 0.3,
"vendor": "barco",
"version": "1.9.2"
},
{
"model": "clickshare",
"scope": "eq",
"trust": 0.3,
"vendor": "barco",
"version": "1.6.1"
},
{
"model": "clickshare",
"scope": "eq",
"trust": 0.3,
"vendor": "barco",
"version": "1.3.1"
},
{
"model": "clickshare",
"scope": "ne",
"trust": 0.3,
"vendor": "barco",
"version": "1.9.3"
},
{
"model": "clickshare",
"scope": "ne",
"trust": 0.3,
"vendor": "barco",
"version": "1.6.2"
},
{
"model": "clickshare",
"scope": "ne",
"trust": 0.3,
"vendor": "barco",
"version": "1.3.2"
}
],
"sources": [
{
"db": "BID",
"id": "94330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
},
{
"db": "NVD",
"id": "CVE-2016-3150"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:barco:clickshare_csc-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_csc-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:barco:clickshare_cse-200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_cse-200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:barco:clickshare_csm-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_csm-1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vincent Ruijter",
"sources": [
{
"db": "BID",
"id": "94330"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
}
],
"trust": 1.0
},
"cve": "CVE-2016-3150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-3150",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-91969",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-3150",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3150",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-3150",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-538",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-91969",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91969"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
},
{
"db": "NVD",
"id": "CVE-2016-3150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Barco ClickShare is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nA remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks. \nVersions prior to Barco ClickShare 01.09.03, 01.06.02 and 01.03.02 are vulnerable. Barco ClickShare CSC-1 is a wireless presentation system from Barco, Belgium. Base Unit is one of the basic integration kits. The following devices are affected: Barco ClickShare CSC-1 devices with firmware prior to 01.09.03; CSM-1 devices with firmware prior to 01.06.02; CSE-200 devices with firmware prior to 01.03.02. \nA Path Traversal vulnerability exists within Barco ClickShare\u0027s wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system. \n\nCVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update\nAffected versions: all versions prior to v01.09.03 (CSC-1)\nIt is possible to download and extract the firmware image of the CSC-1 and obtain the root password. \n\nThe vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. \n\nReferences:\nhttp://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020\u0026rev=001002000009\nhttp://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037\u0026rev=001001000113\nhttps://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070\u0026rev=001001000008\n\n--\n\nRegards,\n\nVincent Ruijter\nEthical Hacker\nChief Information Security Office\nKPN B.V",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"db": "BID",
"id": "94330"
},
{
"db": "VULHUB",
"id": "VHN-91969"
},
{
"db": "PACKETSTORM",
"id": "139713"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3150",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "139713",
"trust": 2.6
},
{
"db": "BID",
"id": "94330",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006880",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-91969",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91969"
},
{
"db": "BID",
"id": "94330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
},
{
"db": "NVD",
"id": "CVE-2016-3150"
}
]
},
"id": "VAR-201701-0402",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91969"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:13:23.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Update your ClickShare firmware",
"trust": 0.8,
"url": "https://www.barco.com/en/page/update-your-clickshare-firmware"
},
{
"title": "Barco ClickShare Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65873"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91969"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"db": "NVD",
"id": "CVE-2016-3150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/139713/barco-clickshare-xss-remote-code-execution-path-traversal.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94330"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/539754/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3150"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3150"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/539754/100/0/threaded"
},
{
"trust": 0.3,
"url": "https://www.barco.com/en/clickshare"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2016/nov/49"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3151"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3152"
},
{
"trust": 0.1,
"url": "http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050037\u0026rev=001001000113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3150"
},
{
"trust": 0.1,
"url": "http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=r33050020\u0026rev=001002000009"
},
{
"trust": 0.1,
"url": "https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050070\u0026rev=001001000008"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91969"
},
{
"db": "BID",
"id": "94330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
},
{
"db": "NVD",
"id": "CVE-2016-3150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-91969"
},
{
"db": "BID",
"id": "94330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
},
{
"db": "NVD",
"id": "CVE-2016-3150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-91969"
},
{
"date": "2016-11-14T00:00:00",
"db": "BID",
"id": "94330"
},
{
"date": "2017-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"date": "2016-11-14T17:07:07",
"db": "PACKETSTORM",
"id": "139713"
},
{
"date": "2016-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-538"
},
{
"date": "2017-01-12T23:59:00.307000",
"db": "NVD",
"id": "CVE-2016-3150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-91969"
},
{
"date": "2016-11-24T01:10:00",
"db": "BID",
"id": "94330"
},
{
"date": "2017-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006880"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-538"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-3150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Barco ClickShare Device product firmware Base Unit of wallpaper.php Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006880"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-538"
}
],
"trust": 0.6
}
}