Home  >  CVE-2015-8288
CVE Details for CVE: CVE-2015-8288
Summary
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Timestamps
Last major update 21-06-2016 - 22:28
Published 20-06-2016 - 01:59
Last modified 21-06-2016 - 22:28
References
Vulnerable Configurations
  • cpe:2.3:o:netgear:d3600_firmware:1.0.0.49:*:*:*:*:*:*:*
    cpe:2.3:o:netgear:d3600_firmware:1.0.0.49:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*
    cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:d6000_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netgear:d6000_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:d6000_firmware:1.0.0.49:*:*:*:*:*:*:*
    cpe:2.3:o:netgear:d6000_firmware:1.0.0.49:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*
    cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
4.3
Impact
2.9
Exploitability
8.6
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
CVSS3
Base
5.9
Impact
3.6
Exploitability
2.2
Access
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
HIGH NETWORK NONE UNCHANGED NONE
Impact
ConfidentialityIntegrityAvailability
HIGH NONE NONE
VIA4 references
cvss-vector via4
AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss3-vector via4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
refmap via4
cert-vn VU#778696
confirm http://kb.netgear.com/app/answers/detail/a_id/30560