TROYANOSYVIRUS
Volver a CVEs

CVE-2015-2909

CRITICAL
9.8

Descripcion

Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/6/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

netvu:ds2_\(dvtr\)netvu:ds2_\(dvtr\)_firmwarenetvu:ds2_\(dvtu\)netvu:ds2_\(dvtu\)_firmwarenetvu:ds2_\(dvtx\)netvu:ds2_\(dvtx\)_firmwarenetvu:ds2_\(dvtx\)_netvu_connectednetvu:ds2_\(dvtx\)_netvu_connected_firmwarenetvu:ds2_\(m2ip\)netvu:ds2_\(m2ip\)_firmwarenetvu:dv-ip_expressnetvu:dv-ip_express_firmwarenetvu:ecosense_4\/8\/16_\(m4t\)netvu:ecosense_4\/8\/16_\(m4t\)_firmwarenetvu:sd-advanced_-_sdhdnetvu:sd-advanced_-_sdhd_firmwarenetvu:sd-advanced_8\/12\/16_vganetvu:sd-advanced_8\/12\/16_vga_firmwarenetvu:sd_32_\(m3g\)netvu:sd_32_\(m3g\)_firmwarenetvu:sd_32_\(m3h\)netvu:sd_32_\(m3h\)_firmwarenetvu:sd_4_\(m3s\)netvu:sd_4_\(m3s\)_firmwarenetvu:sd_4_\(m3t\)netvu:sd_4_\(m3t\)_firmwarenetvu:sd_8\/12\/16_no_kbd_\(m3r\)netvu:sd_8\/12\/16_no_kbd_\(m3r\)_firmwarenetvu:sd_8\/12\/16_no_kbd_\(m3s\)netvu:sd_8\/12\/16_no_kbd_\(m3s\)_firmwarenetvu:sd_8\/16_front_panel_kbd_\(m3r\)netvu:sd_8\/16_front_panel_kbd_\(m3r\)_firmwarenetvu:sd_8\/16_front_panel_kbd_\(m3u\)netvu:sd_8\/16_front_panel_kbd_\(m3u\)_firmwarenetvu:sd_advanced_closed_iptv_\(m3u\)netvu:sd_advanced_closed_iptv_\(m3u\)_firmwarenetvu:sd_advanced_non_closed_iptv_\(m3u\)netvu:sd_advanced_non_closed_iptv_\(m3u\)_firmwarenetvu:sd_advanced_nvrnetvu:sd_advanced_nvr_firmware

Debilidades (CWE)

CWE-269

Referencias

http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/(cret@cert.org)
http://www.kb.cert.org/vuls/id/276148(cret@cert.org)
http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/276148(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.