5.9

CVE-2015-8288

EPSS 0.75%
Published 20.06.2016 01:59:00
Last modified 12.04.2025 10:46:40
Source cret@cert.org
Teams watchlist Login
Open Login

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ D3600 Firmware Version1.0.0.49

Netgear ≫ D3600 Version-

Netgear ≫ D6000 Firmware Version <= 1.0.0.49

Netgear ≫ D6000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.75%	0.707

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://kb.netgear.com/app/answers/detail/a_id/30560

Vendor Advisory

http://www.kb.cert.org/vuls/id/778696

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2015-8288

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8288

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8288

EUVD