Vulnerability CVE-2015-5729


Published: 2017-03-23

Description:
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generates weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack.

See advisories in our WLB2 database:
Topic: Samsung SoftAP Weak Password (Med.)
Author: Augusto Pereyra
Date: 19.12.2015

Vendor: Samsung
Product: Nt14u firmware 
Version:
t-nt14udeucb-1007.1
t-nt14udcncb-1003.1
t-nt14uakucb-1008.0
Product: X14h firmware 
Version:
t-mst14deucb-1023.0
t-mst14dcncb-1010.0
t-mst14akucb-1100.4
Product: X12 firmware 
Version:
t-mst12deucb-1111.4
t-mst12akucb-1114.0
Product: X10p firmware 
Version:
t-mst10pibrcb-1104.0
t-mst10pdeucb-1210.0
t-mst10pauscp-1302.0
Product: X14j firmware 
Version:
t-ms14jdeucb-1018.0
t-ms14jdcncb-1004.2
t-ms14jakucb-1102.5
Product: M288ofw firmware 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

References:
http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html
http://packetstormsecurity.com/files/134976/Samsung-SoftAP-Weak-Password.html
http://seclists.org/fulldisclosure/2015/Dec/79
http://www.securityfocus.com/bid/79675
http://www.securitytracker.com/id/1034503
http://www.securitytracker.com/id/1034504

Related CVE
CVE-2019-7421
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
CVE-2019-7420
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
CVE-2019-7419
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
CVE-2019-7418
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
CVE-2018-14745
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ...
CVE-2018-14856
Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to...
CVE-2018-14855
Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver...
CVE-2018-14854
Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to...

Copyright 2019, cxsecurity.com
