CVE-2015-8288

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Published: Jun 20, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-8288
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
netgear / d3600_firmware	1.0.0.49	1.0.0.49.x
netgear / d6000_firmware	-	1.0.0.49.x

http://kb.netgear.com/app/answers/detail/a_id/30560
http://www.kb.cert.org/vuls/id/778696

Vulnerability Database

289,782

CVE-2015-8288