CVE-2015-2882 - OpenCVE

Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Philips	In.sight B120\\37

Configuration 1 [-]

cpe:2.3:h:philips:in.sight_b120\\37:-:*:*:*:*:*:*:*

References

Link	Resource
https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2017-04-10T03:00:00

Updated: 2017-04-10T02:57:02

Reserved: 2015-04-03T00:00:00

Link: CVE-2015-2882

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-10T03:59:00.263

Modified: 2017-04-14T14:16:11.720

Link: CVE-2015-2882

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "Philips In.Sight B120/37", "vendor": "n/a", "versions": [{"status": "affected", "version": "Philips In.Sight B120/37"}]}], "datePublic": "2017-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account."}], "problemTypes": [{"descriptions": [{"description": "backdoor", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-10T02:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2015-2882", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips In.Sight B120/37", "version": {"version_data": [{"version_value": "Philips In.Sight B120/37"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "backdoor"}]}]}, "references": {"reference_data": [{"name": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors", "refsource": "MISC", "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-2882", "datePublished": "2017-04-10T03:00:00", "dateReserved": "2015-04-03T00:00:00", "dateUpdated": "2017-04-10T02:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:philips:in.sight_b120\\\\37:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEB36A9E-D75F-4A40-A60B-21BC43B07CF7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account."}, {"lang": "es", "value": "Philips In.Sight B120/37 tiene una contrase\u00f1a de b120root para la cuenta de root backdoor, una contrase\u00f1a de /ADMIN/ para la cuenta admin backdoor, una contrase\u00f1a de merlin para la cuenta backdoor mg3500, una contrase\u00f1a de M100-4674448 para la cuenta de usuario backdoor y una contrase\u00f1a de M100-4674448 para la cuenta admin backdoor."}], "id": "CVE-2015-2882", "lastModified": "2017-04-14T14:16:11.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-10T03:59:00.263", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}