Vulnerabilities > CVE-2015-4400 - Credentials Management vulnerability in Ring Firmware

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

ring

CWE-255

NVD

Published: 2018-02-06

Updated: 2024-11-21

Summary

Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.

Vulnerable Configurations

Part	Description	Count
OS	Ring Ring Ring Firmware -	1
Hardware	Ring Ring Ring -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell
https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell
https://fortiguard.com/zeroday/FG-VD-15-021
https://fortiguard.com/zeroday/FG-VD-15-021
https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/
https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/