Information Disclosure Vulnerability in Multiple Samsung Products

Vulnerability ID: 1151070 | Vulnerability type: Information disclosure
Published: 2015-12-17 | Updated: 2015-12-17
CVE ID: CVE-2015-5729 | CNNVD-ID: CNNVD-201512-591
Platform: N/A | CVSS score: 5.0
|Vulnerability Sources
https://www.securityfocus.com/bid/79675
https://cxsecurity.com/issue/WLB-2015120224
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201512-591
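|Vulnerability Details
Samsung SmartTVs X10P and related models are smart TVs from Samsung (South Korea) that integrate web content, apps, AllShare content, search, and traditional TV channel listings into a single interface. Soft Access Point (SoftAP) is a wireless access feature in these products. The SoftAP feature in multiple Samsung products contains a security vulnerability. A remote attacker can exploit this vulnerability to obtain sensitive information. The following products are affected: Samsung SmartTVs X10P, X12, X14H, X14J, NT14U, and Xpress M288OFW.
|Vulnerability EXP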
================================================================
Samsung softap weak random generated password (This affects SmartTV and
Printers)
================================================================

Information
**********************

Vulnerability Type : Weak password
Vulnerable Version : many
Severity: Medium
Author : Augusto Pereyra
CVE-ID: CVE-2015-5729 (waiting)
Twitter: @aedpereyra

Description
***********************

Samsung SoftAP WPA2-PSK weak password randomly generated. It's possible to
intercept the WPA2-PSK handshake and crack the password using aircrack in a few
hours.

Detailed description
**************************
http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html

Severity Level:
=========================================================
Medium

Description:
==========================================================

Vulnerable Product:

[+] Samsung SmartTVs with Wi-Fi included (some of this firmware could be in
process)

Model      Firmware patched
X10P EU    T-MST10PDEUCB-1210.0
X10P US    T-MST10PAUSCB-1300.0
X10P US    T-MST10PAUSCP-1302.0
X10P IBR   T-MST10PIBRCB-1104.0
X12 EU     T-MST12DEUCB-1111.4
X12 US     T-MST12AKUCB-1114.0
X14H EU    T-MST14DEUCB-1023.0
X14H US    T-MST14AKUCB-1100.4
X14H CN    T-MST14DCNCB-1010.0
X14J CN    T-MS14JDCNCB-1004.2
X14J US    T-MS14JAKUCB-1102.5
X14J EU    T-MS14JDEUCB-1018.0
NT14U EU   T-NT14UDEUCB-1007.1
NT14U US   T-NT14UAKUCB-1008.0
NT14U CN   T-NT14UDCNCB-1003.1

[+]  Maybe all Xpress series printers. Confirmed in M288OFW

Vulnerable Parameter(s):

[+]  WPA2 password

Advisory Timeline
************************

20-Jul-2015 - Reported
27-Jul-2015 - Vendor response
02-Dec-2015 - Vendor fixed some models
17-Dec-2015 - Publicly disclosed

Fixed Version:
*****************

All versions could be fixed if you read the workaround described in
"Detailed Description"

Reference
*****************

https://samsungtvbounty.com/HallofFame.aspx

http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html
|Affected Products
Samsung Xpress series Printer M288OFW Samsung SmartTV 0
|References

Source: SECTRACK
Link: http://www.securitytracker.com/id/1034504
Source: packetstormsecurity.com
Link: http://packetstormsecurity.com/files/134976/Samsung-SoftAP-Weak-Password.html
Source: FULLDISC
Link: http://seclists.org/fulldisclosure/2015/Dec/79
Source: kaoticoneutral.blogspot.com.ar
Link: http://kaoticoneutral.blogspot.com.ar/2015/12/samsung-smarttv-and-printers-weak.html
Source: SECTRACK
Link: http://www.securitytracker.com/id/1034503
Source: BID
Link: http://www.securityfocus.com/bid/79675