Information disclosure in Samsung M288ofw
CVE-2015-5729
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authenti…
Vulnerability class: Information Disclosure
EPSS: 0.013 (80.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Samsung M288ofw
- Samsung M288ofw_firmware
- Samsung Nt14u_cn
- Samsung Nt14u_eu
- Samsung Nt14u_firmware — versions t-nt14uakucb-1008.0, t-nt14udeucb-1007.1, t-nt14udcncb-1003.1
- Samsung Nt14u_us
- Samsung X10p_eu
- Samsung X10p_firmware — versions t-mst10pibrcb-1104.0, t-mst10pauscp-1302.0, t-mst10pdeucb-1210.0
- Samsung X10p_ibr
- Samsung X10p_us
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- cve@mitre.org (mailing-list, x_refsource_FULLDISC, VDB Entry, Third Party Advisory)
- cve@mitre.org (Technical Description, Exploit, Third Party Advisory, x_refsource_MISC)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2015-5729?
- CVE-2015-5729 is a critical-severity vulnerability in Samsung M288ofw, classified under Information Disclosure. CVSS score: 9.8/10. Published 2017-03-23.
- How severe is CVE-2015-5729?
- Critical severity. CVSS v3 base score is 9.8 out of 10.
- Is CVE-2015-5729 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.