CVE-2015-2909

Published Feb 6, 2020
Last updated 5 years ago
CVSS critical 9.8
Overview

Description: Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."
Source: cret@cert.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-269
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:dv-ip_express_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8F384B2-8664-4BB8-9111-6D74780C27F7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:dv-ip_express:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "602C10B4-BF3C-47D4-A94E-42F012400DFA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd-advanced_-_sdhd_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "332B9E94-BC28-4E58-9BE1-66712B730FF6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd-advanced_-_sdhd:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "74F3EEE6-025E-47C3-BD0B-6141B59121C4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd-advanced_8\\/12\\/16_vga_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26A732B4-B87B-4DE7-8FCD-37261CC4756B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd-advanced_8\\/12\\/16_vga:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "49BDBE71-B297-457C-AB47-77D3A2CCD9F8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_advanced_closed_iptv_\\(m3u\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A456130-FB52-4BDA-A7DE-C0D4569CD6F6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_advanced_closed_iptv_\\(m3u\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6EEB3DD3-B4AF-455E-82A4-5CB0E3208154"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_advanced_non_closed_iptv_\\(m3u\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2BA14D2-6872-40E2-9854-0C347EEA85E0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_advanced_non_closed_iptv_\\(m3u\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6E1188D9-FF5B-4871-B6F8-9CB2C5E198E2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_advanced_nvr_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C7C9B70-F481-4103-94AF-D7B564B92C41"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_advanced_nvr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "003BBE05-7606-4FBE-95CF-F0EB5494ED89"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_32_\\(m3g\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6C02755-872D-41E8-909B-F7B0C73D773C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_32_\\(m3g\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "00EFD5DE-1C95-41E9-AA2C-28ADA6FE5ED4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_32_\\(m3h\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D763480-5F17-472B-9194-DF7FEB1EDB8A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_32_\\(m3h\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3290653A-7F36-4FF9-A996-80095758FAFD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_4_\\(m3s\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AA83431-215A-42BD-BC18-A3409EB19439"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_4_\\(m3s\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "25710A9E-8FAE-4A77-8561-ADD63A637387"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_4_\\(m3t\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1ABA204-F560-4340-A268-1E3F9074DEB1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_4_\\(m3t\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "661D6443-8174-4A9E-AAA7-775B6D82C64F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_8\\/12\\/16_no_kbd_\\(m3r\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BAF6E88-F220-4572-8D5B-AFAB58E8D2B9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_8\\/12\\/16_no_kbd_\\(m3r\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE8B7F37-743C-42B5-9DAE-468451D75D0E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_8\\/12\\/16_no_kbd_\\(m3s\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AA0634A-FEA9-47E9-B9FC-0AEF2209D97C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_8\\/12\\/16_no_kbd_\\(m3s\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ACC93B21-9FA0-473E-8454-AD2FF091CC2A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_8\\/16_front_panel_kbd_\\(m3r\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A8804F1-E3E7-42F7-81D9-8C4EDF5339EB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_8\\/16_front_panel_kbd_\\(m3r\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50FE059B-8B29-4855-8E25-5008090E8173"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:sd_8\\/16_front_panel_kbd_\\(m3u\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76114EEC-1948-4D24-B2B5-37FA941CAD09"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:sd_8\\/16_front_panel_kbd_\\(m3u\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF6E9E35-2A14-4B0F-B36A-1BE3A1575DEC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:ecosense_4\\/8\\/16_\\(m4t\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "765CFEBA-0DA1-4391-8022-F2B142502E99"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:ecosense_4\\/8\\/16_\\(m4t\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "24641CF1-970A-4344-B4B7-EE7CE2C14D78"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:ds2_\\(dvtr\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "826C5088-35A6-4288-868F-AE72DDC14336"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:ds2_\\(dvtr\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C7BCF22E-A5EA-4975-A282-4B80A35E8C14"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:ds2_\\(dvtu\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BA8A86B-648F-4E8E-8320-2FF455F05BC6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:ds2_\\(dvtu\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D0F4A60E-8EF0-42FD-9D54-502EF0954C8A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:ds2_\\(dvtx\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AA8CF54-4767-4689-85EF-710754D6FAA9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:ds2_\\(dvtx\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8ECD808-156E-4936-B237-75CB29D3DB6F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:ds2_\\(dvtx\\)_netvu_connected_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B80E270E-55E1-464C-BC7F-948DD1890160"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:ds2_\\(dvtx\\)_netvu_connected:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "66EB08A9-11C0-4629-9FD9-DA6178A301B1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netvu:ds2_\\(m2ip\\)_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB5B90CC-181D-4278-9157-3AF3A2F4365E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netvu:ds2_\\(m2ip\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9430043-BEE0-41EF-A731-4290796A927E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
