Vulnerabilities > CVE-2015-4400 - Credentials Management vulnerability in Ring Firmware

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ring

CWE-255

NVD

Published: 2018-02-06

Updated: 2018-03-13

Summary

Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.

Vulnerable Configurations

Part	Description	Count
OS	Ring Ring Ring Firmware -	1
Hardware	Ring Ring Ring -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell
https://fortiguard.com/zeroday/FG-VD-15-021
https://www.pentestpartners.com/security-blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/