CVE-2015-4400

Опубликовано: 06 фев. 2018

Источник: nvd

CVSS3: 4.6

CVSS2: 2.1

EPSS Низкий

Описание

Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.

Ссылки

https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell
Broken Link
https://fortiguard.com/zeroday/FG-VD-15-021
Third Party Advisory
https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/
Third Party Advisory
https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell
Broken Link
https://fortiguard.com/zeroday/FG-VD-15-021
Third Party Advisory
https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ring:ring_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ring:ring:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.0015

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-jpmj-x4f8-38xj