Sign-up

ID

VAR-201703-1065


CVE

CVE-2017-6351


TITLE

WePresent WiPG-1500 Device firmware vulnerability with device hard-coded account login

Trust: 0.8

sources: JVNDB: JVNDB-2017-002196

DESCRIPTION

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885. WePresent WiPG-1500 is a gateway newly launched by AWIND. WiPG-1500 connects to multi-platform devices (Windows/Mac/Pad/Smartphone/AirPad) and supports interactive presentations by supporting finger touch technology and virtual whiteboard. WePresent WiPG-1500 has a backdoor vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the device. wePresent WiPG-1500 is a wireless projection device produced by Australia wePresentWiPG company for multimedia interactive teaching, large conferences, etc. A security vulnerability exists in wePresent WiPG-1500 devices using firmware version 1.0.3.7

Trust: 2.52

sources: NVD: CVE-2017-6351 // JVNDB: JVNDB-2017-002196 // CNVD: CNVD-2017-02737 // BID: 96588 // VULHUB: VHN-114554

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02737

AFFECTED PRODUCTS

vendor:wepresentmodel:wipg-1500scope:eqversion:1.0.3.7

Trust: 2.5

vendor:wpmodel:wepresent wipg-1500scope: - version: -

Trust: 0.8

vendor:wpmodel:wepresent wipg-1500scope:eqversion:1.0.3.7

Trust: 0.8

vendor:wepresentmodel:wipg-1500scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-02737 // BID: 96588 // JVNDB: JVNDB-2017-002196 // CNNVD: CNNVD-201702-893 // NVD: CVE-2017-6351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6351
value: HIGH

Trust: 1.0

NVD: CVE-2017-6351
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-02737
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201702-893
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114554
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6351
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-02737
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114554
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6351
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-02737 // VULHUB: VHN-114554 // JVNDB: JVNDB-2017-002196 // CNNVD: CNNVD-201702-893 // NVD: CVE-2017-6351

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-114554 // JVNDB: JVNDB-2017-002196 // NVD: CVE-2017-6351

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-893

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-893

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002196

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-114554

PATCH
title:Top Pageurl:http://www.wepresentwifi.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-002196

EXTERNAL IDS
db:NVDid:CVE-2017-6351
Trust: 3.4
db:BIDid:96588
Trust: 2.2
db:EXPLOIT-DBid:41480
Trust: 1.7
db:JVNDBid:JVNDB-2017-002196
Trust: 0.8
db:CNNVDid:CNNVD-201702-893
Trust: 0.7
db:EXPLOITDBid:41480
Trust: 0.6
db:CNVDid:CNVD-2017-02737
Trust: 0.6
db:PACKETSTORMid:141391
Trust: 0.1
db:VULHUBid:VHN-114554
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-02737 // 
            
            
            
            VULHUB: VHN-114554 // 
            
            
            
            BID: 96588 // 
            
            
            
            JVNDB: JVNDB-2017-002196 // 
            
            
            
            CNNVD: CNNVD-201702-893 // 
            
            
            
            NVD: CVE-2017-6351

REFERENCES
url:http://www.wepresentwifi.com/
Trust: 2.0
url:https://www.exploit-db.com/exploits/41480/
Trust: 1.7
url:http://www.securityfocus.com/bid/96588
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6351
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6351
Trust: 0.8
url:http://www.securityfocus.com/bid/96588/info
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-02737 // 
            
            
            
            VULHUB: VHN-114554 // 
            
            
            
            BID: 96588 // 
            
            
            
            JVNDB: JVNDB-2017-002196 // 
            
            
            
            CNNVD: CNNVD-201702-893 // 
            
            
            
            NVD: CVE-2017-6351

CREDITS
Unknown.
Trust: 0.3
sources:
            
            
            BID: 96588

SOURCES
db:CNVDid:CNVD-2017-02737
db:VULHUBid:VHN-114554
db:BIDid:96588
db:JVNDBid:JVNDB-2017-002196
db:CNNVDid:CNNVD-201702-893
db:NVDid:CVE-2017-6351

LAST UPDATE DATE
2025-04-20T23:20:03.721000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-02737date:2020-03-10T00:00:00
db:VULHUBid:VHN-114554date:2017-09-01T00:00:00
db:BIDid:96588date:2017-03-07T00:15:00
db:JVNDBid:JVNDB-2017-002196date:2017-03-31T00:00:00
db:CNNVDid:CNNVD-201702-893date:2017-03-08T00:00:00
db:NVDid:CVE-2017-6351date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-02737date:2017-03-15T00:00:00
db:VULHUBid:VHN-114554date:2017-03-06T00:00:00
db:BIDid:96588date:2017-03-05T00:00:00
db:JVNDBid:JVNDB-2017-002196date:2017-03-31T00:00:00
db:CNNVDid:CNNVD-201702-893date:2017-02-28T00:00:00
db:NVDid:CVE-2017-6351date:2017-03-06T02:59:00.463