VAR-201701-0403
Vulnerability from variot - Updated: 2025-04-20 23:13

Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. Barco ClickShare is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks. Barco ClickShare firmware versions prior to 01.09.03, 01.06.02 and 01.03.02 are vulnerable. Barco ClickShare CSC-1 and the related devices are wireless presentation systems from the Belgian company Barco. A remote attacker can exploit this vulnerability to read the /etc/shadow file.
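The aggregated advisory text also describes a separate issue, CVE-2016-3152, whereas this entry tracks CVE-2016-3151:
CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update
Affected versions: all versions prior to v01.09.03 (CSC-1)
It is possible to download and extract the firmware image of the CSC-1 and obtain the root password.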
The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance.
References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008
--
Regards,
Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0403",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clickshare csc-1",
"scope": "lte",
"trust": 1.0,
"vendor": "barco",
"version": "01.09.02.03"
},
{
"model": "clickshare cse-200",
"scope": "lte",
"trust": 1.0,
"vendor": "barco",
"version": "01.03.01.05"
},
{
"model": "clickshare csm-1",
"scope": "lte",
"trust": 1.0,
"vendor": "barco",
"version": "01.06.01.04"
},
{
"model": "clickshare csc-1",
"scope": null,
"trust": 0.8,
"vendor": "barco",
"version": null
},
{
"model": "clickshare csc-1",
"scope": "lt",
"trust": 0.8,
"vendor": "barco",
"version": "01.09.03"
},
{
"model": "clickshare cse-200",
"scope": null,
"trust": 0.8,
"vendor": "barco",
"version": null
},
{
"model": "clickshare cse-200",
"scope": "lt",
"trust": 0.8,
"vendor": "barco",
"version": "01.03.02"
},
{
"model": "clickshare csm-1",
"scope": null,
"trust": 0.8,
"vendor": "barco",
"version": null
},
{
"model": "clickshare csm-1",
"scope": "lt",
"trust": 0.8,
"vendor": "barco",
"version": "01.06.02"
},
{
"model": "clickshare csm-1",
"scope": "eq",
"trust": 0.6,
"vendor": "barco",
"version": "01.06.01.04"
},
{
"model": "clickshare csc-1",
"scope": "eq",
"trust": 0.6,
"vendor": "barco",
"version": "01.09.02.03"
},
{
"model": "clickshare cse-200",
"scope": "eq",
"trust": 0.6,
"vendor": "barco",
"version": "01.03.01.05"
},
{
"model": "clickshare",
"scope": "eq",
"trust": 0.3,
"vendor": "barco",
"version": "1.9.2"
},
{
"model": "clickshare",
"scope": "eq",
"trust": 0.3,
"vendor": "barco",
"version": "1.6.1"
},
{
"model": "clickshare",
"scope": "eq",
"trust": 0.3,
"vendor": "barco",
"version": "1.3.1"
},
{
"model": "clickshare",
"scope": "ne",
"trust": 0.3,
"vendor": "barco",
"version": "1.9.3"
},
{
"model": "clickshare",
"scope": "ne",
"trust": 0.3,
"vendor": "barco",
"version": "1.6.2"
},
{
"model": "clickshare",
"scope": "ne",
"trust": 0.3,
"vendor": "barco",
"version": "1.3.2"
}
],
"sources": [
{
"db": "BID",
"id": "94330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
},
{
"db": "NVD",
"id": "CVE-2016-3151"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:barco:clickshare_csc-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_csc-1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:barco:clickshare_cse-200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_cse-200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:barco:clickshare_csm-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_csm-1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vincent Ruijter",
"sources": [
{
"db": "BID",
"id": "94330"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
}
],
"trust": 1.0
},
"cve": "CVE-2016-3151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-3151",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91970",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-3151",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3151",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-3151",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-539",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-91970",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91970"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
},
{
"db": "NVD",
"id": "CVE-2016-3151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. Barco ClickShare is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. \nA remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks. \nVersions prior to Barco ClickShare 01.09.03, 01.06.02 and 01.03.02 are vulnerable. Barco ClickShare CSC-1 etc. are wireless presentation systems of Belgium Barco (Barco). A remote attacker can exploit this vulnerability to read the /etc/shadow file. \n\nCVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update\nAffected versions: all versions prior to v01.09.03 (CSC-1)\nIt is possible to download and extract the firmware image of the CSC-1 and obtain the root password. \n\nThe vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. 
\n\nReferences:\nhttp://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020\u0026rev=001002000009\nhttp://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037\u0026rev=001001000113\nhttps://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070\u0026rev=001001000008\n\n--\n\nRegards,\n\nVincent Ruijter\nEthical Hacker\nChief Information Security Office\nKPN B.V",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3151"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"db": "BID",
"id": "94330"
},
{
"db": "VULHUB",
"id": "VHN-91970"
},
{
"db": "PACKETSTORM",
"id": "139713"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3151",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "139713",
"trust": 2.6
},
{
"db": "BID",
"id": "94330",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006881",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-91970",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91970"
},
{
"db": "BID",
"id": "94330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
},
{
"db": "NVD",
"id": "CVE-2016-3151"
}
]
},
"id": "VAR-201701-0403",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91970"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:13:23.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Update your ClickShare firmware",
"trust": 0.8,
"url": "https://www.barco.com/en/page/update-your-clickshare-firmware"
},
{
"title": "Barco ClickShare Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65874"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91970"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"db": "NVD",
"id": "CVE-2016-3151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/139713/barco-clickshare-xss-remote-code-execution-path-traversal.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94330"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/539754/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3151"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3151"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/539754/100/0/threaded"
},
{
"trust": 0.3,
"url": "https://www.barco.com/en/clickshare"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2016/nov/49"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3151"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3152"
},
{
"trust": 0.1,
"url": "http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050037\u0026rev=001001000113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3150"
},
{
"trust": 0.1,
"url": "http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=r33050020\u0026rev=001002000009"
},
{
"trust": 0.1,
"url": "https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050070\u0026rev=001001000008"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91970"
},
{
"db": "BID",
"id": "94330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
},
{
"db": "NVD",
"id": "CVE-2016-3151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-91970"
},
{
"db": "BID",
"id": "94330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
},
{
"db": "NVD",
"id": "CVE-2016-3151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-91970"
},
{
"date": "2016-11-14T00:00:00",
"db": "BID",
"id": "94330"
},
{
"date": "2017-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"date": "2016-11-14T17:07:07",
"db": "PACKETSTORM",
"id": "139713"
},
{
"date": "2016-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-539"
},
{
"date": "2017-01-12T23:59:00.353000",
"db": "NVD",
"id": "CVE-2016-3151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-91970"
},
{
"date": "2016-11-24T01:10:00",
"db": "BID",
"id": "94330"
},
{
"date": "2017-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006881"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-539"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-3151"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Barco ClickShare Directory traversal vulnerability in wallpaper parsing function of device product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006881"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-539"
}
],
"trust": 0.6
}
}