| Vulnerability Name: | CVE-2015-8288 (CCN-113990) | ||||||||||||
| Assigned: | 2015-11-19 | ||||||||||||
| Published: | 2016-06-09 | ||||||||||||
| Updated: | 2016-06-21 | ||||||||||||
| Summary: | NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. CWE-321: Use of Hard-coded Cryptographic Key | ||||||||||||
| CVSS v3 Severity: | 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-8288 Source: CCN Type: NETGEAR Web site CVE-2015-8288 - Use of Hard-coded Cryptographic Key Source: CONFIRM Type: Vendor Advisory http://kb.netgear.com/app/answers/detail/a_id/30560 Source: CCN Type: US-CERT VU#778696 Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#778696 Source: XF Type: UNKNOWN netgear-cve20158288-sec-bypass(113990) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||