CVE-2015-2880 - Vulnerability Details

Vendors	Products
Trendnet	Tv-ip743sic

Link	Providers
https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "TRENDnet WiFi Baby Cam TV-IP743SIC", "vendor": "n/a", "versions": [{"status": "affected", "version": "TRENDnet WiFi Baby Cam TV-IP743SIC"}]}], "datePublic": "2017-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account."}], "problemTypes": [{"descriptions": [{"description": "backdoor", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-10T02:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2015-2880", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TRENDnet WiFi Baby Cam TV-IP743SIC", "version": {"version_data": [{"version_value": "TRENDnet WiFi Baby Cam TV-IP743SIC"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "backdoor"}]}]}, "references": {"reference_data": [{"name": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors", "refsource": "MISC", "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:32:20.304Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-2880", "datePublished": "2017-04-10T03:00:00", "dateReserved": "2015-04-03T00:00:00", "dateUpdated": "2024-08-06T05:32:20.304Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : TRENDnet WiFi Baby Cam TV-IP743SIC (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : TRENDnet WiFi Baby Cam TV-IP743SIC (string)

}

]

}

]

datePublic : 2017-04-09T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : backdoor (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-04-10T02:57:02 (string)

orgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

shortName : certcc (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cert@cert.org (string)

ID : CVE-2015-2880 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : TRENDnet WiFi Baby Cam TV-IP743SIC (string)

version : { »

version_data : [ »

0 : { »

version_value : TRENDnet WiFi Baby Cam TV-IP743SIC (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : backdoor (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors (string)

refsource : MISC (string)

url : https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T05:32:20.304Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

assignerShortName : certcc (string)

cveId : CVE-2015-2880 (string)

datePublished : 2017-04-10T03:00:00 (string)

dateReserved : 2015-04-03T00:00:00 (string)

dateUpdated : 2024-08-06T05:32:20.304Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tv-ip743sic:-:*:*:*:*:*:*:*", "matchCriteriaId": "13A18E38-E5F5-44EE-9E17-8AC2BF12713C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account."}, {"lang": "es", "value": "TRENDnet WiFi Baby Cam TV-IP743SIC tiene una contrase\u00f1a de admin para la cuenta de root backdoor."}], "id": "CVE-2015-2880", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-10T03:59:00.200", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:trendnet:tv-ip743sic:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 13A18E38-E5F5-44EE-9E17-8AC2BF12713C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. (string)

}

1 : { »

lang : es (string)

value : TRENDnet WiFi Baby Cam TV-IP743SIC tiene una contraseña de admin para la cuenta de root backdoor. (string)

}

]

id : CVE-2015-2880 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:S/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-04-10T03:59:00.200 (string)

references : [ »

0 : { »

source : cret@cert.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors (string)

}

]

sourceIdentifier : cret@cert.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object