TROYANOSYVIRUS
Retour aux CVEs

CVE-2015-2909

CRITICAL
9.8

Description

Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/6/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

netvu:ds2_\(dvtr\)netvu:ds2_\(dvtr\)_firmwarenetvu:ds2_\(dvtu\)netvu:ds2_\(dvtu\)_firmwarenetvu:ds2_\(dvtx\)netvu:ds2_\(dvtx\)_firmwarenetvu:ds2_\(dvtx\)_netvu_connectednetvu:ds2_\(dvtx\)_netvu_connected_firmwarenetvu:ds2_\(m2ip\)netvu:ds2_\(m2ip\)_firmwarenetvu:dv-ip_expressnetvu:dv-ip_express_firmwarenetvu:ecosense_4\/8\/16_\(m4t\)netvu:ecosense_4\/8\/16_\(m4t\)_firmwarenetvu:sd-advanced_-_sdhdnetvu:sd-advanced_-_sdhd_firmwarenetvu:sd-advanced_8\/12\/16_vganetvu:sd-advanced_8\/12\/16_vga_firmwarenetvu:sd_32_\(m3g\)netvu:sd_32_\(m3g\)_firmwarenetvu:sd_32_\(m3h\)netvu:sd_32_\(m3h\)_firmwarenetvu:sd_4_\(m3s\)netvu:sd_4_\(m3s\)_firmwarenetvu:sd_4_\(m3t\)netvu:sd_4_\(m3t\)_firmwarenetvu:sd_8\/12\/16_no_kbd_\(m3r\)netvu:sd_8\/12\/16_no_kbd_\(m3r\)_firmwarenetvu:sd_8\/12\/16_no_kbd_\(m3s\)netvu:sd_8\/12\/16_no_kbd_\(m3s\)_firmwarenetvu:sd_8\/16_front_panel_kbd_\(m3r\)netvu:sd_8\/16_front_panel_kbd_\(m3r\)_firmwarenetvu:sd_8\/16_front_panel_kbd_\(m3u\)netvu:sd_8\/16_front_panel_kbd_\(m3u\)_firmwarenetvu:sd_advanced_closed_iptv_\(m3u\)netvu:sd_advanced_closed_iptv_\(m3u\)_firmwarenetvu:sd_advanced_non_closed_iptv_\(m3u\)netvu:sd_advanced_non_closed_iptv_\(m3u\)_firmwarenetvu:sd_advanced_nvrnetvu:sd_advanced_nvr_firmware

Faiblesses (CWE)

CWE-269

References

http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/(cret@cert.org)
http://www.kb.cert.org/vuls/id/276148(cret@cert.org)
http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/276148(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.