================================================================
Samsung softap weak random generated password (This affects SmartTV and
Printers)
================================================================
Information
**********************
Vulnerability Type : Weak password
Vulnerable Version : many
Severity: Medium
Author ? Augusto Pereyra
CVE-ID: CVE-2015-5729 (waiting)
Twitter: @aedpereyra
Description
***********************
Samsung SoftAP WPA2-PSK weak password randomly generated. It?s possible
intersept wpa2-psk handshake and crack the password using aircrack in a few
hours
Detailed description
**************************
http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html
Severity Level:
=========================================================
Medium
Description:
==========================================================
Vulnerable Product:
[+] Samsung Smartvs with wifi included (Some of this firmware could be in
process)
Model Firmware patched
X10P EU T-MST10PDEUCB-1210.0
X10P US
T-MST10PAUSCB-1300.0
X10P US T-MST10PAUSCP-1302.0
X10P IBR T-MST10PIBRCB-1104.0
X12 EU T-MST12DEUCB-1111.4
X12 US T-MST12AKUCB-1114.0
X14H EU T-MST14DEUCB-1023.0
X14H US T-MST14AKUCB-1100.4
X14H CN T-MST14DCNCB-1010.0
X14J CN T-MS14JDCNCB-1004.2
X14J US T-MS14JAKUCB - 1102.5
X14J EU T-MS14JDEUCB-1018.0
NT14U EU T-NT14UDEUCB-1007.1
NT14U US T-NT14UAKUCB-1008.0
NT14U CN T-NT14UDCNCB-1003.1
[+] May be all printers Xpress series. Confirmed in M288OFW
Vulnerable Parameter(s):
[+] WPA2 password
Advisory Timeline
************************
20-Jul-2015- Reported
27-Jul-2015- Vendor Response
02-Dec-2015- Vendor Fixed some models
17-Dec-2015- Public disclosed
Fixed Version:
*****************
All version could be fixed if you read the workaround described in
"Detailed Description"
Reference
*****************
https://samsungtvbounty.com/HallofFame.aspx
http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html