CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-2884
https://notcve.org/view.php?id=CVE-2015-2884
Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. Philips In.Sight B120/37 permite a atacantes remotos obtener información sensible a través de una respuesta directa, relacionado con las URLs yoics.net, URIs stream.m3u8 y cam_service_enable.cgi. • http://www.securityfocus.com/bid/97683 https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2883
https://notcve.org/view.php?id=CVE-2015-2883
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. Philips In.Sight B120/37 tiene XSS, relacionado con el servicio web de nuve Weaved, según lo demostrado mediante el parámetro name para deviceSettings.php o shareDevice.php. • https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-2882
https://notcve.org/view.php?id=CVE-2015-2882
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. Philips In.Sight B120/37 tiene una contraseña de b120root para la cuenta de root backdoor, una contraseña de /ADMIN/ para la cuenta admin backdoor, una contraseña de merlin para la cuenta backdoor mg3500, una contraseña de M100-4674448 para la cuenta de usuario backdoor y una contraseña de M100-4674448 para la cuenta admin backdoor. • https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors • CWE-798: Use of Hard-coded Credentials •