Vulnerabilities > CVE-2015-8288 - Unspecified vulnerability in Netgear D3600 Firmware and D6000 Firmware

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

netgear

NVD

Published: 2016-06-20

Updated: 2016-06-21

Summary

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Vulnerable Configurations

Part	Description	Count
OS	Netgear Netgear D3600 Firmware 1.0.0.49 Netgear D6000 Firmware - Netgear D6000 Firmware 1.0.0.49	3
Hardware	Netgear Netgear D3600 - Netgear D6000 -	2

References

http://kb.netgear.com/app/answers/detail/a_id/30560
http://www.kb.cert.org/vuls/id/778696

Summary

Vulnerable Configurations

Related news

References