Описание
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Комментарий
Ссылки
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:netgear:d3600_firmware:1.0.0.49:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.0.0.49 (включая)
Одновременно
cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00586
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
EPSS
Процентиль: 68%
0.00586
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other