CVE-2015-2909

CRITICAL

Dedicated Micros DV-IP Express SD Advanced SD EcoSense and DS2 - Unauthenticated Access via Default Credentials

Title source: llm

Description

Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords."

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

http://cybergibbons.com/security-2/shodan-searches/interesting-shodan-searches-sd-advanced-dvrs/

Third Party Advisory, US Government Resource x_refsource_misc

http://www.kb.cert.org/vuls/id/276148

Scores

CVSS v3 9.8

EPSS 0.0294

EPSS Percentile 85.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (20)

netvu/ds2_\(dvtr\)_firmware

netvu/ds2_\(dvtu\)_firmware

netvu/ds2_\(dvtx\)_firmware

netvu/ds2_\(dvtx\)_netvu_connected_firmware

netvu/ds2_\(m2ip\)_firmware

netvu/dv-ip_express_firmware

netvu/ecosense_4\/8\/16_\(m4t\)_firmware

netvu/sd-advanced_-_sdhd_firmware

netvu/sd-advanced_8\/12\/16_vga_firmware

netvu/sd_32_\(m3g\)_firmware

... and 10 more

Published Feb 06, 2020

Tracked Since Feb 18, 2026