PatchSiren cyber security CVE debrief

CVE-2017-6351 Wepresent CVE debrief

CVE-2017-6351 describes a hardcoded manufacturer account in WePresent WiPG-1500 firmware 1.0.3.7. When DEBUG mode is enabled, the device exposes telnet access on TCP/5885, allowing authentication with the undocumented 'abarco' account. NVD assigns the issue a CVSS 3.0 score of 8.1 (HIGH) and maps it to CWE-798 (Use of Hard-coded Credentials).

Vendor: Wepresent
Product: CVE-2017-6351
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-06
Original CVE updated: 2026-05-13
Advisory published: 2017-03-06
Advisory updated: 2026-05-13

Who should care

Organizations that operate WePresent WiPG-1500 devices running firmware 1.0.3.7, especially environments where DEBUG mode could be enabled or not tightly controlled. Network and device administrators should treat this as a credential and remote-access risk.

Technical summary

The NVD record states that WePresent WiPG-1500 firmware 1.0.3.7 is vulnerable to a hardcoded manufacturer username/password. The undocumented 'abarco' account can be used over telnet once the device is placed into DEBUG mode, and the telnet service is described as running on TCP/5885. The vulnerability is classified as CWE-798, and the NVD CPE entry marks the firmware version 1.0.3.7 as vulnerable.

Defensive priority

High — hardcoded credentials combined with remote telnet access can create a high-impact access-control weakness if DEBUG mode is enabled.

Recommended defensive actions

Identify whether any WePresent WiPG-1500 devices are present and confirm firmware versions, with special attention to 1.0.3.7.
Determine whether DEBUG mode is enabled on any deployed devices and disable it where possible.
Restrict access to management and diagnostic services such as telnet, including TCP/5885, to trusted administration networks only.
Rotate or remove any embedded or undocumented credentials where the vendor provides a supported remediation path.
Monitor vendor advisories and official product documentation for a firmware update or mitigation guidance.
Treat exposure of the hardcoded account as a potential credential-compromise condition and review device access logs and network segmentation controls.

Evidence notes

This debrief is based on the supplied NVD CVE metadata and references. The record identifies CVE-2017-6351 as a hardcoded credential issue (CWE-798) affecting WePresent WiPG-1500 firmware 1.0.3.7, with the cited behavior occurring when DEBUG mode is enabled and telnet is available on TCP/5885. The supplied references include the official CVE record, the NVD detail page, a vendor advisory reference, a SecurityFocus entry, and an Exploit-DB reference; no additional facts from those links were assumed beyond the provided corpus.

Official resources

CVE-2017-6351 CVE record
CVE.org
CVE-2017-6351 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Vendor Advisory
Source reference
[email protected]

Published by the CVE program on 2017-03-06T02:59:00.463Z; the supplied source record was last modified on 2026-05-13T00:24:29.033Z. This debrief uses the CVE publication date for disclosure timing context.