EUVD-2015-2971

Malware in sbrugna...

EUVD-2015-2970

Malware in sbrugna...

Philips In.Sight B120/37 Privilege Gain Vulnerability

The Philips In.Sight B120/37 is a video monitoring device for infants from Philips Netherlands. A privilege acquisition vulnerability exists in the Philips In.Sight B120/37. Sight B120/37 can be exploited to gain access to the local web server and operating system...

Cross site scripting

Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php...

CVE-2015-2882

Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor...

CVE-2015-2883

Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php...

Default credentials

Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor...

Information disclosure

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and camserviceenable.cgi...

CVE-2015-2884

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and camserviceenable.cgi...

CVE-2015-2883

Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php...

CVE-2015-2884

CVE-2015-2884 affects Philips In.Sight B120/37, a video monitoring device. The connected sources confirm an information-disclosure vulnerability that allows remote attackers to obtain sensitive data via a direct request, referencing yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. Th...

CVE-2015-2882

The CVE-2015-2882 entry concerns Philips In.Sight B120/37, a video monitoring device. The documented issue is the presence of multiple default/backdoor credentials (b120root, /ADMIN/, merlin, M100-4674448) for various accounts, which OpenVAS entries also flag as default credentials. Connected CNV...

CVE-2015-2884

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and camserviceenable.cgi...

CVE-2015-2883

Philips In.Sight B120/37 is affected by a cross-site scripting (XSS) vulnerability, related to the Weaved cloud web service. The issue can be triggered via the name parameter in deviceSettings.php or shareDevice.php. The Common result is that arbitrary script/HTML could be injected, potentially a...

CVE-2015-2882

Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor...

Philips In.Sight Default Credentials (HTTP)

The remote Philips In.Sight Device has default credentials set. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Philips In.Sight Default Credentials (Telnet)

The remote Philips In.Sight Device has default credentials set. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...