PT-2015-3334 · Philips · Philips In.Sight B120/37

Published: 2015-07-04 · Updated: 2017-04-14 · CVE-2015-2882

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Philips In.Sight B120/37 (affected versions not specified)

Description

The device ships with pre-installed accounts for access through Telnet or UART: root, admin, and mg3500, with passwords b120root, /ADMIN/, and merlin respectively. There are also accounts for access through the web interface, user and admin, both with the password M100-4674448. In updated versions of the device, the password for the admin account consists of the character i and the last 10 characters of the device's MAC address. This could allow a remote attacker to gain access to the device.

Recommendations

For Philips In.Sight B120/37, consider changing the default passwords for the root, admin, and mg3500 accounts and for the web interface user and admin accounts to prevent unauthorized access. As a temporary workaround, restrict access to the device through Telnet, UART, and the web interface until secure passwords are set. Avoid leaving any of these accounts on its default password. If the device is updated, the admin account password consists of the character i and the last 10 characters of the device's MAC address; it is recommended to change this password as well to ensure security.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2017-02468
CVE-2015-2882

Affected Products

Philips In.Sight B120/37