{"vulnerability": "cve-2020-28329", "sightings": [{"uuid": "21997be0-cc90-4912-989a-6b231406958d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28329", "type": "seen", "source": "https://t.me/cibsecurity/16808", "content": "\u203c CVE-2020-28329 \u203c\n\nBarco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-24T22:46:58.000000Z"}, {"uuid": "92898b40-654b-42fb-bee0-7d021a03294a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28329", "type": "seen", "source": "https://t.me/cibsecurity/16814", "content": "\u203c CVE-2020-28330 \u203c\n\nBarco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-24T22:47:07.000000Z"}]}