Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Samsung SoftAP Weak Password Vulnerability

🗓️ 19 Dec 2015 00:00:00Reported by Augusto PereyraType 
zdt
 zdt🔗 0day.today👁 39 Views

Samsung SoftAP Weak Password Vulnerability affects Samsung SmartTV and printers. WPA2-PSK weak password randomly generated, leading to possible interception and cracking in a few hours

Related
Code
ReporterTitlePublishedViews
Family
CNVD		Samsung SmartTV and Printers Information Disclosure Vulnerability
27 Dec 201500:00
cnvd
CVE		CVE-2015-5729
23 Mar 201720:00
cve
Cvelist		CVE-2015-5729
23 Mar 201720:00
cvelist
EUVD		EUVD-2015-5675
7 Oct 202500:30
euvd
NVD		CVE-2015-5729
23 Mar 201720:59
nvd
Prion		Authentication flaw
23 Mar 201720:59
prion
================================================================
Samsung softap weak random generated password (This affects SmartTV and
Printers)
================================================================

Information
**********************

Vulnerability Type : Weak password
Vulnerable Version : many
Severity: Medium
Author – Augusto Pereyra
CVE-ID: CVE-2015-5729 (waiting)
Twitter: @aedpereyra

Description
***********************

Samsung SoftAP WPA2-PSK weak password randomly generated. It’s possible
intersept wpa2-psk handshake and crack the password using aircrack in a few
hours

Detailed description
**************************
http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html

Severity Level:
=========================================================
Medium

Description:
==========================================================

Vulnerable Product:

[+] Samsung Smartvs with wifi included (Some of this firmware could be in
process)
Model Firmware patched
X10P EU T-MST10PDEUCB-1210.0
X10P US
T-MST10PAUSCB-1300.0
X10P US T-MST10PAUSCP-1302.0
X10P IBR T-MST10PIBRCB-1104.0
X12 EU T-MST12DEUCB-1111.4
X12 US T-MST12AKUCB-1114.0
X14H EU T-MST14DEUCB-1023.0
X14H US T-MST14AKUCB-1100.4
X14H CN T-MST14DCNCB-1010.0
X14J CN T-MS14JDCNCB-1004.2
X14J US T-MS14JAKUCB - 1102.5
X14J EU T-MS14JDEUCB-1018.0
NT14U EU T-NT14UDEUCB-1007.1
NT14U US T-NT14UAKUCB-1008.0
NT14U CN T-NT14UDCNCB-1003.1

[+]  May be all printers Xpress series. Confirmed in M288OFW

Vulnerable Parameter(s):

[+]  WPA2 password

Advisory Timeline
************************

20-Jul-2015- Reported
27-Jul-2015- Vendor Response
02-Dec-2015- Vendor Fixed some models
17-Dec-2015- Public disclosed

Fixed Version:
*****************

All version could be fixed if you read the workaround described in
"Detailed Description"

Reference
*****************

https://samsungtvbounty.com/HallofFame.aspx

http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html

#  0day.today [2018-04-14]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Dec 2015 00:00Current
9.3High risk
Vulners AI Score9.3
EPSS0.01349
samsung softapwpa2-psksmarttvprintersvulnerabilityinterceptioncrackingaircrackfirmwareprinters xpress seriescve-2015-5729augusto pereyravendor responsevendor fixedpublic disclosed.
39