Description
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.
Published: 2025-07-15
Score: 9.3 Critical
EPSS: 72.6% High
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthenticated command injection exposed by the /cgi-bin/rdfs.cgi endpoint. An attacker can supply an unsanitized Client parameter that is executed by the web server process, enabling arbitrary command execution as the web server user. The weakness corresponds to CWE-306 and CWE-78. The impact is the compromise of confidentiality, integrity, and availability of the affected device, as well as potential pivoting to internal systems if higher privileges are later obtained.

Affected Systems

Barco’s WePresent WiPG‑1000 medical presentation system with firmware versions prior to 2.2.3.0 are affected. The vulnerability exists in the undocumented /cgi-bin/rdfs.cgi endpoint of the device’s web interface.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity, while an EPSS score of 73% shows a high probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only a crafted HTTP request to the /cgi-bin/rdfs.cgi endpoint and no authentication, allowing an attacker to run arbitrary commands immediately. The likely attack vector is remote HTTP access to the device’s web interface from an untrusted network.

Generated by OpenCVE AI on May 11, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WiPG‑1000 firmware to version 2.2.3.0 or later, which contains the fix for the command injection vulnerability.
  • Restrict network access to the web interface by placing the device behind a firewall or VLAN and allowing only trusted management hosts to communicate with it.
  • Implement network monitoring for anomalous outbound traffic and raise alerts on unexpected command execution attempts on the device.

Generated by OpenCVE AI on May 11, 2026 at 17:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21423 An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.
History

Fri, 21 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Barco
Barco wepresent Wipg-1000p Firmware
CPEs cpe:2.3:a:barco:wepresent_wipg-1000p_firmware:*:*:*:*:*:*:*:*
Vendors & Products Barco
Barco wepresent Wipg-1000p Firmware

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00931}

Tue, 15 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 15 Jul 2025 13:15:00 +0000

Type Values Removed Values Added
Description An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.
Title WePresent WiPG-1000 Unauthenticated Command Injection in via rdfs.cgi
Weaknesses CWE-306
CWE-78
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Barco Wepresent Wipg-1000p Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-15T11:14:40.949Z

Reserved: 2025-04-15T19:15:22.556Z

Link: CVE-2025-34103

cve-icon Vulnrichment

Updated: 2025-07-15T13:31:25.224Z

cve-icon NVD

Status : Deferred

Published: 2025-07-15T13:15:29.820

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34103

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T17:30:15Z

Weaknesses