CVE-2015-8288

EUVD-2015-8176
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
netgeard3600_firmware
1.0.0.49
netgeard6000_firmware
𝑥
≤ 1.0.0.49
𝑥
= Vulnerable software versions
References
http://kb.netgear.com/app/answers/detail/a_id/30560
http://www.kb.cert.org/vuls/id/778696
http://kb.netgear.com/app/answers/detail/a_id/30560
http://www.kb.cert.org/vuls/id/778696