Vulnerability Details : CVE-2015-5729
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack.
Vulnerability category: Information leak
Products affected by CVE-2015-5729
- cpe:2.3:o:samsung:nt14u_firmware:t-nt14uakucb-1008.0:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:nt14u_firmware:t-nt14udeucb-1007.1:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:nt14u_firmware:t-nt14udcncb-1003.1:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x14j_firmware:t-ms14jdeucb-1018.0:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x14j_firmware:t-ms14jdcncb-1004.2:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x14h_firmware:t-mst14dcncb-1010.0:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x14h_firmware:t-mst14akucb-1100.4:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x14h_firmware:t-mst14deucb-1023.0:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x12_firmware:t-mst12akucb-1114.0:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x12_firmware:t-mst12deucb-1111.4:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x10p_firmware:t-mst10pibrcb-1104.0:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x10p_firmware:t-mst10pauscp-1302.0:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:x10p_firmware:t-mst10pdeucb-1210.0:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:m288ofw_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5729
1.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5729
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-5729
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5729
-
http://www.securitytracker.com/id/1034504
Samsung Smart TV SoftAP Lets Remote Users Bypass Security Restrictions on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/134976/Samsung-SoftAP-Weak-Password.html
Samsung SoftAP Weak Password ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html
KaOtiCo NeUtRaL: Samsung Smarttv and Printers weak password SoftAP wpa2Exploit;Technical Description;Third Party Advisory
-
http://seclists.org/fulldisclosure/2015/Dec/79
Full Disclosure: Samsung softap weak random generated passwordThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1034503
Samsung Printer SoftAP Weak Default WiFi Key Lets Remote Users Bypass WiFi Security Protections - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/79675
Samsung SmartTV and Printers CVE-2015-5729 Weak Password Security VulnerabilityThird Party Advisory;VDB Entry
Jump to