Netgear removes crypto keys hard-coded in routers (Help Net Security)
Qualys security researcher Mandar Jadhav has discovered two serious vulnerabilities in Netgear D6000 and D3600 modem routers, which can be exploited to gain access to the devices and to intercept traffic passing through them. The vulnerabilities reside in the devices’ firmware, versions 1.0.0.47 and 1.0.0.49. The first one (CVE-2015-8288) is due to the firmware containing a hard-coded RSA private key and a hard-coded X.509 certificate and key. An attacker that discovers this information can misuse …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Sc_F3eHrSPQ/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-20 | CVE-2015-8288 | Unspecified vulnerability in Netgear D3600 Firmware and D6000 Firmware. NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 5.9 |