Authentication Vulnerabilities Identified in Projector Firmware

May 1, 2015


The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks.

It’s technically the firmware for the projector, InFocus IN3128HD, version 0.26, that’s vulnerable. The web interface requires an admin password to view or modify the device’s configuration parameters but thanks to an authentication bypass in the firmware, if an attacker simply knows the name of the page (main.html) that users are directed to after they correctly login (index.html) they can get there.

Read More