Hardcoded Private Key Vulnerability in NETGEAR D3600 and D6000 Devices

Hardcoded Private Key Vulnerability in NETGEAR D3600 and D6000 Devices

CVE-2015-8288 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

Learn more about our Web Application Penetration Testing UK.