CVE-2015-2909
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."
Affected (20)
Products: Netvu: Dv Ip Express Firmware, Sd Advanced Sdhd Firmware, Sd Advanced 8/12/16 Vga Firmware, Sd Advanced Closed Iptv (m3u) Firmware, Sd Advanced Non Closed Iptv (m3u) Firmware, Sd Advanced Nvr Firmware, Sd 32 (m3g) Firmware, Sd 32 (m3h) Firmware, Sd 4 (m3s) Firmware, Sd 4 (m3t) Firmware, Sd 8/12/16 No Kbd (m3r) Firmware, Sd 8/12/16 No Kbd (m3s) Firmware, Sd 8/16 Front Panel Kbd (m3r) Firmware, Sd 8/16 Front Panel Kbd (m3u) Firmware, Ecosense 4/8/16 (m4t) Firmware, Ds2 (dvtr) Firmware, Ds2 (dvtu) Firmware, Ds2 (dvtx) Firmware, Ds2 (dvtx) Netvu Connected Firmware, Ds2 (m2ip) Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Dv Ip Express | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd Advanced Sdhd | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd Advanced 8/12/16 Vga | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd Advanced Closed Iptv (m3u) | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd Advanced Non Closed Iptv (m3u) | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd Advanced Nvr | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd 32 (m3g) | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd 32 (m3h) | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd 4 (m3s) | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd 4 (m3t) | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd 8/12/16 No Kbd (m3r) | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd 8/12/16 No Kbd (m3s) | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd 8/16 Front Panel Kbd (m3r) | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Sd 8/16 Front Panel Kbd (m3u) | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Ecosense 4/8/16 (m4t) | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Ds2 (dvtr) | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Ds2 (dvtu) | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Ds2 (dvtx) | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Ds2 (dvtx) Netvu Connected | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Netvu Ds2 (m2ip) | All versions |
References (4)
Source: cret@cert.org
Exploit, Third Party Advisory
Source: cret@cert.org
Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, US Government Resource
Timeline
No history available yet.