CVE-2015-4400

{"id": "CVE-2015-4400", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2018-02-06T16:29:00.527", "references": [{"url": "https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://fortiguard.com/zeroday/FG-VD-15-021", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module."}, {"lang": "es", "value": "Los videoporteros Ring (anteriormente DoorBot) permiten que atacantes remotos obtengan informaci\u00f3n sensible sobre la configuraci\u00f3n de red inal\u00e1mbrica presionando el bot\u00f3n de configuraci\u00f3n y utilizando una API en el m\u00f3dulo Wi-Fi GainSpan."}], "lastModified": "2018-03-13T19:13:47.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ring:ring_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C06754C9-7ACD-4E01-AB6B-968168235C25"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ring:ring:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DED03787-44C4-436A-95F3-FA562BD28F5A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}