CVE-2016-11059 — HIGH (7.5)

Q: How severe is CVE-2016-11059?

CVE-2016-11059 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-11059?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Ac1450 Firmware, Netgear Ac1450, Netgear C6300 Firmware, Netgear C6300, Netgear D1500 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Netgear	Ac1450 Firmware	< 2017-01-06
Netgear	Ac1450	-
Netgear	C6300 Firmware	< 2017-01-06
Netgear	C6300	-
Netgear	D1500 Firmware	< 2017-01-06
Netgear	D1500	-
Netgear	D3600 Firmware	< 2017-01-06
Netgear	D3600	-
Netgear	D500 Firmware	< 2017-01-06
Netgear	D500	-
Netgear	D6000 Firmware	< 2017-01-06
Netgear	D6000	-
Netgear	D6100 Firmware	< 2017-01-06
Netgear	D6100	-
Netgear	D6200 Firmware	< 2017-01-06
Netgear	D6200	-
Netgear	D6200B Firmware	< 2017-01-06
Netgear	D6200B	-
Netgear	D6300 Firmware	< 2017-01-06
Netgear	D6300	-

Related Weaknesses (CWE)

CWE-200

References

https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-AuthenticatiVendor Advisory
https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-AuthenticatiVendor Advisory

FAQ

What is CVE-2016-11059?

CVE-2016-11059 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D60...

How severe is CVE-2016-11059?

CVE-2016-11059 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-11059?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Ac1450 Firmware, Netgear Ac1450, Netgear C6300 Firmware, Netgear C6300, Netgear D1500 Firmware.