Vulnerability Description
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | D3600 Firmware | 1.0.0.49 |
| Netgear | D3600 | - |
| Netgear | D6000 Firmware | <= 1.0.0.49 |
| Netgear | D6000 | - |
References
- http://kb.netgear.com/app/answers/detail/a_id/30560Vendor Advisory
- http://www.kb.cert.org/vuls/id/778696Third Party AdvisoryUS Government Resource
- http://kb.netgear.com/app/answers/detail/a_id/30560Vendor Advisory
- http://www.kb.cert.org/vuls/id/778696Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-8288?
CVE-2015-8288 is a vulnerability with a CVSS score of 5.9 (MEDIUM). NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote atta...
How severe is CVE-2015-8288?
CVE-2015-8288 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8288?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear D3600 Firmware, Netgear D3600, Netgear D6000 Firmware, Netgear D6000.