Sign-up

ID

VAR-201802-0128


CVE

CVE-2015-4400


TITLE

Ring Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2015-008114

DESCRIPTION

Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module. Ring ( Old DoorBot) Contains vulnerabilities related to certificate and password management.Information may be obtained. Ring (formerly known as DoorBot) videodoorbells is a smart doorbell with video function from Ring Company of the United States. There is a security hole in Ringvideodoorbells. A security flaw exists in Ring video doorbells

Trust: 2.34

sources: NVD: CVE-2015-4400 // JVNDB: JVNDB-2015-008114 // CNVD: CNVD-2018-05559 // VULHUB: VHN-82361 // VULMON: CVE-2015-4400

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05559

AFFECTED PRODUCTS

vendor:ringmodel:ringscope:eqversion: -

Trust: 1.6

vendor:ringmodel:ringscope: - version: -

Trust: 0.8

vendor:ringmodel:video doorbellsscope:eqversion:0

Trust: 0.6

sources: CNVD: CNVD-2018-05559 // JVNDB: JVNDB-2015-008114 // CNNVD: CNNVD-201802-167 // NVD: CVE-2015-4400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4400
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4400
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05559
value: LOW

Trust: 0.6

CNNVD: CNNVD-201802-167
value: LOW

Trust: 0.6

VULHUB: VHN-82361
value: LOW

Trust: 0.1

VULMON: CVE-2015-4400
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-4400
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-05559
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82361
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-4400
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05559 // VULHUB: VHN-82361 // VULMON: CVE-2015-4400 // JVNDB: JVNDB-2015-008114 // CNNVD: CNNVD-201802-167 // NVD: CVE-2015-4400

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-82361 // JVNDB: JVNDB-2015-008114 // NVD: CVE-2015-4400

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201802-167

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201802-167

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008114

PATCH
title:Top Pageurl:https://ring.com/
Trust: 0.8
title:IoT-PenTesting-Research-url:https://github.com/RedaMastouri/IoT-PenTesting-Research- 
Trust: 0.1
title:IOt-Hackurl:https://github.com/mrnamp/IOt-Hack 
Trust: 0.1
title: - url:https://github.com/MdTauheedAlam/IOT-Hacks 
Trust: 0.1
title:awesome-iot-hacksurl:https://github.com/nebgnahz/awesome-iot-hacks 
Trust: 0.1
title:IOTHacksurl:https://github.com/AliyaValieva/IOTHacks 
Trust: 0.1
title:Awesome-Hardware-and-IoT-Hackingurl:https://github.com/CyberSecurityUP/Awesome-Hardware-and-IoT-Hacking 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-4400 // 
            
            
            
            JVNDB: JVNDB-2015-008114

EXTERNAL IDS
db:NVDid:CVE-2015-4400
Trust: 3.2
db:JVNDBid:JVNDB-2015-008114
Trust: 0.8
db:CNNVDid:CNNVD-201802-167
Trust: 0.7
db:CNVDid:CNVD-2018-05559
Trust: 0.6
db:VULHUBid:VHN-82361
Trust: 0.1
db:VULMONid:CVE-2015-4400
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05559 // 
            
            
            
            VULHUB: VHN-82361 // 
            
            
            
            VULMON: CVE-2015-4400 // 
            
            
            
            JVNDB: JVNDB-2015-008114 // 
            
            
            
            CNNVD: CNNVD-201802-167 // 
            
            
            
            NVD: CVE-2015-4400

REFERENCES
url:https://fortiguard.com/zeroday/fg-vd-15-021
Trust: 2.6
url:https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell
Trust: 2.4
url:https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4400
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-4400
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.1
url:https://github.com/redamastouri/iot-pentesting-research-
Trust: 0.1
url:https://github.com/nebgnahz/awesome-iot-hacks
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05559 // 
            
            
            
            VULHUB: VHN-82361 // 
            
            
            
            VULMON: CVE-2015-4400 // 
            
            
            
            JVNDB: JVNDB-2015-008114 // 
            
            
            
            CNNVD: CNNVD-201802-167 // 
            
            
            
            NVD: CVE-2015-4400

SOURCES
db:CNVDid:CNVD-2018-05559
db:VULHUBid:VHN-82361
db:VULMONid:CVE-2015-4400
db:JVNDBid:JVNDB-2015-008114
db:CNNVDid:CNNVD-201802-167
db:NVDid:CVE-2015-4400

LAST UPDATE DATE
2024-11-23T22:12:41.055000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05559date:2018-03-19T00:00:00
db:VULHUBid:VHN-82361date:2018-03-13T00:00:00
db:VULMONid:CVE-2015-4400date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2015-008114date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201802-167date:2018-02-07T00:00:00
db:NVDid:CVE-2015-4400date:2024-11-21T02:31:00.143

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05559date:2018-03-19T00:00:00
db:VULHUBid:VHN-82361date:2018-02-06T00:00:00
db:VULMONid:CVE-2015-4400date:2018-02-06T00:00:00
db:JVNDBid:JVNDB-2015-008114date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201802-167date:2018-02-07T00:00:00
db:NVDid:CVE-2015-4400date:2018-02-06T16:29:00.527