CVE-2025-34103
WePresent WiPG-1000 Unauthenticated Command Injection in via rdfs.cgi
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.
| CWE | CWE-78 CWE-306 |
| Vendor | wepresent (barco) |
| Product | wipg-1000 |
| Published | Jul 15, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for wepresent (barco) wipg-1000
Be the first to know when new unknown vulnerabilities affecting wepresent (barco) wipg-1000 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
WePresent (Barco) / WiPG-1000
* < 2.2.3.0
References
redguard.ch: https://www.redguard.ch/advisories/wepresent-wipg1000.txt raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wipg1000_cmd_injection.rb exploit-db.com: https://www.exploit-db.com/exploits/41935 vulncheck.com: https://www.vulncheck.com/advisories/we-present-wi-pg-1000-unauthenticated-command-injection
Credits
Matthias Brun of Redguard