Description
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
References (2)
Core References
Third Party Advisory, US Government Resource (third-party-advisory, x_refsource_cert-vn): http://www.kb.cert.org/vuls/id/778696
Vendor Advisory (x_refsource_confirm): http://kb.netgear.com/app/answers/detail/a_id/30560
Scores
CVSS v3: 5.9
EPSS: 0.0059
EPSS Percentile: 69.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status: published
Products (2)
netgear/d3600_firmware: 1.0.0.49
netgear/d6000_firmware: < 1.0.0.49
Published: Jun 20, 2016
Tracked Since: Feb 18, 2026