================================================================ Samsung softap weak random generated password (This affects SmartTV and Printers) ================================================================ Information ********************** Vulnerability Type : Weak password Vulnerable Version : many Severity: Medium Author ? Augusto Pereyra CVE-ID: CVE-2015-5729 (waiting) Twitter: @aedpereyra Description *********************** Samsung SoftAP WPA2-PSK weak password randomly generated. It?s possible intersept wpa2-psk handshake and crack the password using aircrack in a few hours Detailed description ************************** http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html Severity Level: ========================================================= Medium Description: ========================================================== Vulnerable Product: [+] Samsung Smartvs with wifi included (Some of this firmware could be in process) Model Firmware patched X10P EU T-MST10PDEUCB-1210.0 X10P US T-MST10PAUSCB-1300.0 X10P US T-MST10PAUSCP-1302.0 X10P IBR T-MST10PIBRCB-1104.0 X12 EU T-MST12DEUCB-1111.4 X12 US T-MST12AKUCB-1114.0 X14H EU T-MST14DEUCB-1023.0 X14H US T-MST14AKUCB-1100.4 X14H CN T-MST14DCNCB-1010.0 X14J CN T-MS14JDCNCB-1004.2 X14J US T-MS14JAKUCB - 1102.5 X14J EU T-MS14JDEUCB-1018.0 NT14U EU T-NT14UDEUCB-1007.1 NT14U US T-NT14UAKUCB-1008.0 NT14U CN T-NT14UDCNCB-1003.1 [+] May be all printers Xpress series. Confirmed in M288OFW Vulnerable Parameter(s): [+] WPA2 password Advisory Timeline ************************ 20-Jul-2015- Reported 27-Jul-2015- Vendor Response 02-Dec-2015- Vendor Fixed some models 17-Dec-2015- Public disclosed Fixed Version: ***************** All version could be fixed if you read the workaround described in "Detailed Description" Reference ***************** https://samsungtvbounty.com/HallofFame.aspx http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html