Search criteria
3 vulnerabilities found for EcoSense by Dedicated Micros
VAR-202002-0860
Vulnerability from variot - Updated: 2024-11-23 22:05Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords.". Dedicated Micros Digital video recorder products by default communicate with plain text that is not encrypted and do not authenticate users with a password. Do not encrypt sensitive data (CWE-311) Dedicated Micros The digital video recorder product of the default is a protocol that does not encrypt communication contents by default. HTTP , Telnet , FTP It is the end user's responsibility to configure to use a more secure protocol. Therefore, with the default settings, communications may be viewed or altered by a third party. CWE-311: Missing Encryption of Sensitive Data https://cwe.mitre.org/data/definitions/311.html Inappropriate access control (CWE-284) - CVE-2015-2909 Dedicated Micros Digital video recorder products by default do not require user authentication by default. End users can set a password on the device, but it is not required. With the default settings, the device may be freely accessed or altered by a third party. CWE-284: Improper Access Control https://cwe.mitre.org/data/definitions/284.htmlSensitive data can be viewed and manipulated by a remote attacker. Also, devices that are not configured securely can be completely deprived of control. A number of Dedicated Micros products have security vulnerabilities that allow remote attackers to exploit the vulnerability to gain unauthorized access to the device. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0860",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ds2 \\",
"scope": "eq",
"trust": 4.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd 8\\/12\\/16 no kbd \\",
"scope": "eq",
"trust": 2.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd 8\\/16 front panel kbd \\",
"scope": "eq",
"trust": 2.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd 32 \\",
"scope": "eq",
"trust": 2.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd 4 \\",
"scope": "eq",
"trust": 2.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd advanced non closed iptv \\",
"scope": "eq",
"trust": 1.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd advanced closed iptv \\",
"scope": "eq",
"trust": 1.0,
"vendor": "netvu",
"version": null
},
{
"model": "dv-ip express",
"scope": "eq",
"trust": 1.0,
"vendor": "netvu",
"version": null
},
{
"model": "ecosense 4\\/8\\/16 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd-advanced - sdhd",
"scope": "eq",
"trust": 1.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd-advanced 8\\/12\\/16 vga",
"scope": "eq",
"trust": 1.0,
"vendor": "netvu",
"version": null
},
{
"model": "ds2 \\ netvu connected",
"scope": "eq",
"trust": 1.0,
"vendor": "netvu",
"version": null
},
{
"model": "sd advanced nvr",
"scope": "eq",
"trust": 1.0,
"vendor": "netvu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dedicated micros",
"version": null
},
{
"model": "digital sprite 2",
"scope": "eq",
"trust": 0.8,
"vendor": "dedicated micros",
"version": "(ds2)"
},
{
"model": "dv-ip express",
"scope": null,
"trust": 0.8,
"vendor": "dedicated micros",
"version": null
},
{
"model": "ecosense",
"scope": null,
"trust": 0.8,
"vendor": "dedicated micros",
"version": null
},
{
"model": "sd",
"scope": null,
"trust": 0.8,
"vendor": "dedicated micros",
"version": null
},
{
"model": "sd advanced",
"scope": null,
"trust": 0.8,
"vendor": "dedicated micros",
"version": null
},
{
"model": "ecosense digital video recorder",
"scope": null,
"trust": 0.6,
"vendor": "dedicated micros usa",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#276148"
},
{
"db": "CNVD",
"id": "CNVD-2015-05663"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"db": "NVD",
"id": "CVE-2015-2909"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:misc:dedicatedmicros_digital_sprite_2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:dedicatedmicros_dv-ip_express",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:dedicatedmicros_ecosense",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:dedicatedmicros_sd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:dedicatedmicros_sd_advanced",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Tierney",
"sources": [
{
"db": "BID",
"id": "76438"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-473"
}
],
"trust": 0.9
},
"cve": "CVE-2015-2909",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2909",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NONE",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.4,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2909",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-004308",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05663",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-2909",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2909",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-2909",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2015-004308",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05663",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-473",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#276148"
},
{
"db": "CNVD",
"id": "CNVD-2015-05663"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-473"
},
{
"db": "NVD",
"id": "CVE-2015-2909"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states \"The user is presented with clear warnings on the GUI that they should set usernames and passwords.\". Dedicated Micros Digital video recorder products by default communicate with plain text that is not encrypted and do not authenticate users with a password. Do not encrypt sensitive data (CWE-311) Dedicated Micros The digital video recorder product of the default is a protocol that does not encrypt communication contents by default. HTTP , Telnet , FTP It is the end user\u0027s responsibility to configure to use a more secure protocol. Therefore, with the default settings, communications may be viewed or altered by a third party. CWE-311: Missing Encryption of Sensitive Data https://cwe.mitre.org/data/definitions/311.html Inappropriate access control (CWE-284) - CVE-2015-2909 Dedicated Micros Digital video recorder products by default do not require user authentication by default. End users can set a password on the device, but it is not required. With the default settings, the device may be freely accessed or altered by a third party. CWE-284: Improper Access Control https://cwe.mitre.org/data/definitions/284.htmlSensitive data can be viewed and manipulated by a remote attacker. Also, devices that are not configured securely can be completely deprived of control. A number of Dedicated Micros products have security vulnerabilities that allow remote attackers to exploit the vulnerability to gain unauthorized access to the device. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2909"
},
{
"db": "CERT/CC",
"id": "VU#276148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"db": "CNVD",
"id": "CNVD-2015-05663"
},
{
"db": "BID",
"id": "76438"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/276148",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#276148"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#276148",
"trust": 3.8
},
{
"db": "NVD",
"id": "CVE-2015-2909",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU97413676",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004308",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05663",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-473",
"trust": 0.6
},
{
"db": "BID",
"id": "76438",
"trust": 0.3
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#276148"
},
{
"db": "CNVD",
"id": "CNVD-2015-05663"
},
{
"db": "BID",
"id": "76438"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-473"
},
{
"db": "NVD",
"id": "CVE-2015-2909"
}
]
},
"id": "VAR-202002-0860",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05663"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05663"
}
]
},
"last_update_date": "2024-11-23T22:05:47.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Products Group",
"trust": 0.8,
"url": "http://www.dedicatedmicros.com/europe/products_group.php?product_group_id=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"db": "NVD",
"id": "CVE-2015-2909"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/276148"
},
{
"trust": 1.6,
"url": "https://www.shodan.io/search?query=command+line+processor+-username"
},
{
"trust": 0.8,
"url": "http://www.dedicatedmicros.com/europe/products_group.php?product_group_id=1"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/311.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2909"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97413676/index.html"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/jlad-9zgmh7"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2909"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#276148"
},
{
"db": "CNVD",
"id": "CNVD-2015-05663"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-473"
},
{
"db": "NVD",
"id": "CVE-2015-2909"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#276148"
},
{
"db": "CNVD",
"id": "CNVD-2015-05663"
},
{
"db": "BID",
"id": "76438"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-473"
},
{
"db": "NVD",
"id": "CVE-2015-2909"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-20T00:00:00",
"db": "CERT/CC",
"id": "VU#276148"
},
{
"date": "2015-08-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05663"
},
{
"date": "2015-08-20T00:00:00",
"db": "BID",
"id": "76438"
},
{
"date": "2015-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"date": "2015-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-473"
},
{
"date": "2020-02-06T15:15:11.047000",
"db": "NVD",
"id": "CVE-2015-2909"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-20T00:00:00",
"db": "CERT/CC",
"id": "VU#276148"
},
{
"date": "2015-08-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05663"
},
{
"date": "2015-08-20T00:00:00",
"db": "BID",
"id": "76438"
},
{
"date": "2015-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004308"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-473"
},
{
"date": "2024-11-21T02:28:18.260000",
"db": "NVD",
"id": "CVE-2015-2909"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-473"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dedicated Micros DVR products use plaintext protocols and require no password by default",
"sources": [
{
"db": "CERT/CC",
"id": "VU#276148"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-473"
}
],
"trust": 0.6
}
}
CVE-2015-2909 (GCVE-0-2015-2909)
Vulnerability from nvd – Published: 2020-02-06 14:14 – Updated: 2024-08-06 05:32
VLAI?
Summary
Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dedicated Micros | DV-IP Express |
Affected:
unknown
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/276148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DV-IP Express",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "SD Advanced",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "SD",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "EcoSense",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "DS2",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"datePublic": "2015-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states \"The user is presented with clear warnings on the GUI that they should set usernames and passwords.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T14:14:50",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/276148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DV-IP Express",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "SD Advanced",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "SD",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "EcoSense",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "DS2",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "Dedicated Micros"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states \"The user is presented with clear warnings on the GUI that they should set usernames and passwords.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/",
"refsource": "MISC",
"url": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/"
},
{
"name": "http://www.kb.cert.org/vuls/id/276148",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/276148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2909",
"datePublished": "2020-02-06T14:14:50",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2909 (GCVE-0-2015-2909)
Vulnerability from cvelistv5 – Published: 2020-02-06 14:14 – Updated: 2024-08-06 05:32
VLAI?
Summary
Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dedicated Micros | DV-IP Express |
Affected:
unknown
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/276148"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DV-IP Express",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "SD Advanced",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "SD",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "EcoSense",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "DS2",
"vendor": "Dedicated Micros",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"datePublic": "2015-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states \"The user is presented with clear warnings on the GUI that they should set usernames and passwords.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T14:14:50",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/276148"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DV-IP Express",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "SD Advanced",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "SD",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "EcoSense",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "DS2",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "Dedicated Micros"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states \"The user is presented with clear warnings on the GUI that they should set usernames and passwords.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/",
"refsource": "MISC",
"url": "http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/"
},
{
"name": "http://www.kb.cert.org/vuls/id/276148",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/276148"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2909",
"datePublished": "2020-02-06T14:14:50",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}