Vulnerabilities > Philips > IN Sight B120 37
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-10 | CVE-2015-2884 | Information Exposure vulnerability in Philips In.Sight B12037 Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. | 7.5 |
| 2017-04-10 | CVE-2015-2883 | Cross-site Scripting vulnerability in Philips In.Sight B12037 Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | 5.4 |
| 2017-04-10 | CVE-2015-2882 | Use of Hard-coded Credentials vulnerability in Philips In.Sight B12037 Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | 9.8 |