Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.
References
Link | Resource |
---|---|
https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/ | Third Party Advisory |
https://fortiguard.com/zeroday/FG-VD-15-021 | Third Party Advisory |
https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2018-02-06 08:29
Updated : 2018-03-13 12:13
NVD link : CVE-2015-4400
Mitre link : CVE-2015-4400
JSON object : View
CWE
CWE-255
Credentials Management Errors
Products Affected
ring
- ring_firmware
- ring