CVE-2015-8288
low-risk
Published 2016-06-20
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Do I need to act?
0.59% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.9/10 · Medium
NETWORK / HIGH complexity
Affected Products (2)
Affected Vendors
References (4)
Vendor Advisory
http://kb.netgear.com/app/answers/detail/a_id/30560
Third Party Advisory
http://www.kb.cert.org/vuls/id/778696
27/100 · low-risk
Severity
18/34 · Moderate
Exploitability
2/34 · Minimal
Exposure
7/34 · Low