Vulnerability CVE-2016-10116

Published: 2017-01-04

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack.

Vendor: Netgear
Product: Arlo q plus camera firmware 
Version: 1.8.1_6094;
Product: Arlo q camera firmware 
Version: 1.8.0_5551;
Product: Arlo base station firmware 
Version: 1.7.5_6178;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
Exploit range
Attack complexity
No required
Confidentiality impact
Integrity impact
Availability impact


Related CVE
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When proces...
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can a...
NETGEAR WNR2000v3 devices before, WNR2000v4 devices before, and WNR2000v5 devices before allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NE...
ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
Netgear WNAP320, WNDAP350, and WNDAP360 before reveal wireless passwords and administrative usernames and passwords over SNMP.
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before allow remote attackers to ex...
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware through allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dn...

Copyright 2019,


Back to Top