CVE-2015-5729

The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 5.0 MEDIUM

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securitytracker.com/id/1034504	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034503	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/79675	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2015/Dec/79	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/134976/Samsung-SoftAP-Weak-Password.html	Exploit Third Party Advisory VDB Entry
http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:nt14u_firmware:t-nt14uakucb-1008.0:*:*:*:*:*:*:*

cpe:2.3:h:samsung:nt14u_us:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x14j_us:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:samsung:x14h_firmware:t-mst14dcncb-1010.0:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x14h_cn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:samsung:x12_firmware:t-mst12akucb-1114.0:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x12_us:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:samsung:x10p_firmware:t-mst10pibrcb-1104.0:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x10p_ibr:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:samsung:nt14u_firmware:t-nt14udeucb-1007.1:*:*:*:*:*:*:*

cpe:2.3:h:samsung:nt14u_eu:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:samsung:nt14u_firmware:t-nt14udcncb-1003.1:*:*:*:*:*:*:*

cpe:2.3:h:samsung:nt14u_cn:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:samsung:x14j_firmware:t-ms14jdeucb-1018.0:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x14j_eu:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:samsung:x14j_firmware:t-ms14jdcncb-1004.2:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x14j_cn:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:samsung:x14h_firmware:t-mst14akucb-1100.4:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x14h_us:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:samsung:x14h_firmware:t-mst14deucb-1023.0:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x14h_eu:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:samsung:x12_firmware:t-mst12deucb-1111.4:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x12_eu:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:samsung:x10p_firmware:t-mst10pauscp-1302.0:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x10p_us:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:samsung:x10p_firmware:t-mst10pdeucb-1210.0:*:*:*:*:*:*:*

cpe:2.3:h:samsung:x10p_eu:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:samsung:m288ofw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:m288ofw:-:*:*:*:*:*:*:*

Information

Published : 2017-03-23 13:59

Updated : 2017-04-04 09:15

NVD link : CVE-2015-5729

Mitre link : CVE-2015-5729

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

samsung

x12_firmware
nt14u_eu
x14h_us
x14j_us
nt14u_cn
x14h_cn
m288ofw
nt14u_firmware
x14h_firmware
nt14u_us
x14j_eu
x10p_ibr
x10p_firmware
x12_eu
x14j_cn
x10p_eu
m288ofw_firmware
x14j_firmware
x12_us
x14h_eu
x10p_us

9.8 /10