4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.003 Low
EPSS
Percentile
65.6%
The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware.
CWE-321**: Use of Hard-coded Cryptographic Key --**CVE-2015-8288
The firmware for these devices contains a hard-coded RSA private key, as well as a hard-coded X.509 certificate and key. An attacker with knowledge of these keys could gain administrator access to the device, implement man-in-the-middle attacks, or decrypt passively captured packets.
CWE-288**: Authentication Bypass Using an Alternate Path or Channel --**CVE-2015-8289
A remote attacker able to access the /cgi-bin/passrec.asp
password recovery page may be able to view the administrator password in clear text by opening the source code of above page.
According to the reporter, these vulnerabilities affect firmware versions 1.0.0.47 and 1.0.0.49 running on Netgear model D6000 and D3600. Other models and firmware versions may also be impacted.
A remote unauthenticated attacker may be able to gain administrator access to the device, man-in-the-middle a victim on the network, or decrypt passively captured data.
Apply an update
Netgear has released firmware version 1.0.0.59 on April 20th, 2016 to address these issues. Affected users are encouraged to update the device’s firmware as soon as possible. Netgear has also created Knowledgebase articles about these issues; please see the URLs in the References section below.
Affected users might also consider the following workarounds:
Restrict network access
Restrict network access to the Netgear device’s system web interface and other devices using open protocols like HTTP. Consult your firewall product’s manual for more information.
778696
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 15, 2015 Updated: July 01, 2016
Statement Date: June 07, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 8.8 | AV:N/AC:M/Au:N/C:C/I:C/A:N |
Temporal | 7.5 | E:POC/RL:U/RC:UR |
Environmental | 5.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Mandar Jadhav of Qualys for reporting this vulnerability.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-8288, [CVE-2015-8289 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-8289 >) |
---|---|
Date Public: | 2016-06-10 Date First Published: |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.003 Low
EPSS
Percentile
65.6%