VAR-201701-0404
Vulnerability from variot - Updated: 2025-04-20 23:13
Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. Barco ClickShare is prone to a vulnerability that lets an attacker access arbitrary files because it fails to adequately validate user-supplied input. An attacker can exploit this vulnerability to view arbitrary files within the context of the affected application. Versions prior to Barco ClickShare 01.09.03 are vulnerable. Barco ClickShare CSC-1 is a wireless presentation system from Barco, Belgium. Base Unit is one of the basic integration kits. A remote code execution vulnerability exists within the Barco ClickShare base unit software that could lead to full compromise of the appliance.
CVE-2016-3150 - Cross-site Scripting in Barco ClickShare CSC-1, CSM-1 and CSE-200 Affected versions: all versions prior to v01.09.03 (CSC-1), v01.06.02 (CSM-1) and v01.03.02 (CSE-200) A Cross-Site Scripting vulnerability exists within Barco ClickShare's CSC-1 base unit's wallpaper.php due to invalid input and output sanitisation. A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system.
The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance.
References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008
--
Regards,
Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clickshare csc-1",
"scope": "lte",
"trust": 1.0,
"vendor": "barco",
"version": "01.09.02.03"
},
{
"model": "clickshare csc-1",
"scope": null,
"trust": 0.8,
"vendor": "barco",
"version": null
},
{
"model": "clickshare csc-1",
"scope": "lt",
"trust": 0.8,
"vendor": "barco",
"version": "01.09.03"
},
{
"model": "clickshare csc-1",
"scope": "eq",
"trust": 0.6,
"vendor": "barco",
"version": "01.09.02.03"
},
{
"model": "clickshare",
"scope": "eq",
"trust": 0.3,
"vendor": "barco",
"version": "1.9.2"
},
{
"model": "clickshare",
"scope": "ne",
"trust": 0.3,
"vendor": "barco",
"version": "1.9.3"
}
],
"sources": [
{
"db": "BID",
"id": "94326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
},
{
"db": "NVD",
"id": "CVE-2016-3152"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:barco:clickshare_csc-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_csc-1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vincent Ruijter",
"sources": [
{
"db": "BID",
"id": "94326"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
}
],
"trust": 1.0
},
"cve": "CVE-2016-3152",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-3152",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91971",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-3152",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3152",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-3152",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-542",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-91971",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91971"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
},
{
"db": "NVD",
"id": "CVE-2016-3152"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. Barco ClickShare is prone to a vulnerability that lets attacker access arbitrary files because it fails to adequately validate user-supplied input. \nAn attacker can exploit this vulnerability to view arbitrary files within the context of the affected application. \nVersions prior to Barco ClickShare 01.09.03 are vulnerable. Barco ClickShare CSC-1 is a wireless presentation system from Barco, Belgium. Base Unit is one of the basic integration kits. \nA remote code execution vulnerability exists within the Barco ClickShare base unit software, that could lead to full compromise of the appliance. \n\nCVE-2016-3150 - Cross-site Scripting in Barco ClickShare CSC-1, CSM-1 and CSE-200\nAffected versions: all versions prior to v01.09.03 (CSC-1), v01.06.02 (CSM-1) and v01.03.02 (CSE-200)\nA Cross-Site Scripting vulnerability exists within Barco ClickShare\u0027s CSC-1 base unit\u0027s wallpaper.php due to invalid input and output sanitisation. \nA Path Traversal vulnerability exists within Barco ClickShare\u0027s wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system. \n\nThe vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. \n\nReferences:\nhttp://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020\u0026rev=001002000009\nhttp://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037\u0026rev=001001000113\nhttps://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070\u0026rev=001001000008\n\n--\n\nRegards,\n\nVincent Ruijter\nEthical Hacker\nChief Information Security Office\nKPN B.V",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3152"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"db": "BID",
"id": "94326"
},
{
"db": "VULHUB",
"id": "VHN-91971"
},
{
"db": "PACKETSTORM",
"id": "139713"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3152",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "139713",
"trust": 2.6
},
{
"db": "BID",
"id": "94326",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006882",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-91971",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91971"
},
{
"db": "BID",
"id": "94326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
},
{
"db": "NVD",
"id": "CVE-2016-3152"
}
]
},
"id": "VAR-201701-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91971"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:13:23.882000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Update your ClickShare firmware",
"trust": 0.8,
"url": "https://www.barco.com/en/page/update-your-clickshare-firmware"
},
{
"title": "Barco ClickShare Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65877"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91971"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"db": "NVD",
"id": "CVE-2016-3152"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/139713/barco-clickshare-xss-remote-code-execution-path-traversal.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94326"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/539754/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3152"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3152"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/539754/100/0/threaded"
},
{
"trust": 0.3,
"url": "https://www.barco.com/en/clickshare"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2016/nov/49"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3151"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3152"
},
{
"trust": 0.1,
"url": "http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050037\u0026rev=001001000113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3150"
},
{
"trust": 0.1,
"url": "http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=r33050020\u0026rev=001002000009"
},
{
"trust": 0.1,
"url": "https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050070\u0026rev=001001000008"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91971"
},
{
"db": "BID",
"id": "94326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
},
{
"db": "NVD",
"id": "CVE-2016-3152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-91971"
},
{
"db": "BID",
"id": "94326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
},
{
"db": "NVD",
"id": "CVE-2016-3152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-91971"
},
{
"date": "2016-11-14T00:00:00",
"db": "BID",
"id": "94326"
},
{
"date": "2017-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"date": "2016-11-14T17:07:07",
"db": "PACKETSTORM",
"id": "139713"
},
{
"date": "2016-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-542"
},
{
"date": "2017-01-12T23:59:00.387000",
"db": "NVD",
"id": "CVE-2016-3152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-91971"
},
{
"date": "2016-11-24T00:10:00",
"db": "BID",
"id": "94326"
},
{
"date": "2017-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006882"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-542"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-3152"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "139713"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barco ClickShare CSC-1 In the device firmware root Password acquisition vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006882"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-542"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.