CVE-2015-2909 Information

Description

Dedicated Micros DV-IP Express SD Advanced SD EcoSense and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states \The user is presented with clear warnings on the GUI that they should set usernames and passwords.\

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/ http://www.kb.cert.org/vuls/id/276148

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8