CVE-2015-8288

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
netgeard3600_firmware
1.0.0.49
netgeard6000_firmware
𝑥
≤ 1.0.0.49
𝑥
= Vulnerable software versions
References
http://kb.netgear.com/app/answers/detail/a_id/30560
http://www.kb.cert.org/vuls/id/778696
http://kb.netgear.com/app/answers/detail/a_id/30560
http://www.kb.cert.org/vuls/id/778696