Vulnerability CVE-2015-8288


Published: 2016-06-19   Modified: 2016-06-20

Description:
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Netgear -> D3600 firmware 
Netgear -> D6000 firmware 

 References:
http://www.kb.cert.org/vuls/id/778696
http://kb.netgear.com/app/answers/detail/a_id/30560

Copyright 2024, cxsecurity.com

 

Back to Top