Lucene search

MitreCVE-2016-10116

HistoryJan 04, 2017 - 8:59 a.m.

CVE-2016-10116

2017-01-0408:59:00

CWE-264

mitre

web.nvd.nist.gov

cve-2016-10116

netgear

arlo base stations

firmware vulnerability

dictionary attack

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

79.2%

JSON

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack.

Affected configurations

Nvd

Node

netgeararlo_base_station_firmwareRange≤1.7.5_6178

AND

netgearvmb30x0Match-

netgearvmk3xx0Match-

netgearvms3xx0Match-

Node

netgeararlo_q_camera_firmwareRange≤1.8.0_5551

AND

netgearvmc3040Match-

Node

netgeararlo_q_plus_camera_firmwareRange≤1.8.1_6094

AND

netgearvmc3040sMatch-

VendorProductVersionCPE
netgeararlo_base_station_firmware*cpe:2.3:o:netgear:arlo_base_station_firmware:*:*:*:*:*:*:*:*
netgearvmb30x0-cpe:2.3:h:netgear:vmb30x0:-:*:*:*:*:*:*:*
netgearvmk3xx0-cpe:2.3:h:netgear:vmk3xx0:-:*:*:*:*:*:*:*
netgearvms3xx0-cpe:2.3:h:netgear:vms3xx0:-:*:*:*:*:*:*:*
netgeararlo_q_camera_firmware*cpe:2.3:o:netgear:arlo_q_camera_firmware:*:*:*:*:*:*:*:*
netgearvmc3040-cpe:2.3:h:netgear:vmc3040:-:*:*:*:*:*:*:*
netgeararlo_q_plus_camera_firmware*cpe:2.3:o:netgear:arlo_q_plus_camera_firmware:*:*:*:*:*:*:*:*
netgearvmc3040s-cpe:2.3:h:netgear:vmc3040s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	arlo_base_station_firmware	*	cpe:2.3:o:netgear:arlo_base_station_firmware::::::::
netgear	vmb30x0	-	cpe:2.3:h:netgear:vmb30x0:-:::::::*
netgear	vmk3xx0	-	cpe:2.3:h:netgear:vmk3xx0:-:::::::*
netgear	vms3xx0	-	cpe:2.3:h:netgear:vms3xx0:-:::::::*
netgear	arlo_q_camera_firmware	*	cpe:2.3:o:netgear:arlo_q_camera_firmware::::::::
netgear	vmc3040	-	cpe:2.3:h:netgear:vmc3040:-:::::::*
netgear	arlo_q_plus_camera_firmware	*	cpe:2.3:o:netgear:arlo_q_plus_camera_firmware::::::::
netgear	vmc3040s	-	cpe:2.3:h:netgear:vmc3040s:-:::::::*

References

blog.newskysecurity.com/2016/09/brute-force-vulnerability-netgear-arlo/

kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability

www.securityfocus.com/bid/95266

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

79.2%

JSON

Related for CVE-2016-10116