14 matches found
EUVD-2015-2971
Malware in sbrugna...
Philips In.Sight B120/37 Privilege Gain Vulnerability
The Philips In.Sight B120/37 is a video monitoring device for infants from Philips Netherlands. A privilege acquisition vulnerability exists in the Philips In.Sight B120/37. Sight B120/37 can be exploited to gain access to the local web server and operating system...
Cross site scripting
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php...
CVE-2015-2883
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php...
CVE-2015-2882
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor...
Default credentials
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor...
Information disclosure
Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and camserviceenable.cgi...
CVE-2015-2884
Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and camserviceenable.cgi...
CVE-2015-2883
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php...
CVE-2015-2884
CVE-2015-2884 affects Philips In.Sight B120/37, a video monitoring device. The connected sources confirm an information-disclosure vulnerability that allows remote attackers to obtain sensitive data via a direct request, referencing yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. Th...
CVE-2015-2882
The CVE-2015-2882 entry concerns Philips In.Sight B120/37, a video monitoring device. The documented issue is the presence of multiple default/backdoor credentials (b120root, /ADMIN/, merlin, M100-4674448) for various accounts, which OpenVAS entries also flag as default credentials. Connected CNV...
CVE-2015-2884
Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and camserviceenable.cgi...
CVE-2015-2883
Philips In.Sight B120/37 is affected by a cross-site scripting (XSS) vulnerability, related to the Weaved cloud web service. The issue can be triggered via the name parameter in deviceSettings.php or shareDevice.php. The Common result is that arbitrary script/HTML could be injected, potentially a...
CVE-2015-2882
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor...