MidnightBSD

Advisories for netvu

CVE-2015-2909 HIGH

Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
netvu sd_8/16_front_panel_kbd_(m3r)_firmware -
netvu sd_4_(m3t)_firmware -
netvu ecosense_4/8/16_(m4t)_firmware -
netvu sd-advanced_8/12/16_vga_firmware -
netvu ds2_(m2ip)_firmware -
netvu sd_32_(m3h)_firmware -
netvu ds2_(dvtx)_netvu_connected_firmware -
netvu sd-advanced_-_sdhd_firmware -
netvu sd_32_(m3g)_firmware -
netvu ds2_(dvtx)_firmware -
netvu dv-ip_express_firmware -
netvu sd_advanced_non_closed_iptv_(m3u)_firmware -
netvu sd_8/16_front_panel_kbd_(m3u)_firmware -
netvu sd_advanced_nvr_firmware -
netvu ds2_(dvtu)_firmware -
netvu sd_8/12/16_no_kbd_(m3r)_firmware -
netvu sd_8/12/16_no_kbd_(m3s)_firmware -
netvu sd_advanced_closed_iptv_(m3u)_firmware -
netvu ds2_(dvtr)_firmware -
netvu sd_4_(m3s)_firmware -