Executive Summary

Title Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass
Name VU#778696 First vendor Publication 2016-06-10
Vendor VU-CERT Last vendor Modification 2016-07-01
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#778696

Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass

Original Release date: 10 Jun 2016 | Last revised: 01 Jul 2016


The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware.


CWE-321: Use of Hard-coded Cryptographic Key -- CVE-2015-8288

The firmware for these devices contains a hard-coded RSA private key, as well as a hard-coded X.509 certificate and key. An attacker with knowledge of these keys could gain administrator access to the device, implement man-in-the-middle attacks, or decrypt passively captured packets.

CWE-288: Authentication Bypass Using an Alternate Path or Channel -- CVE-2015-8289

A remote attacker able to access the /cgi-bin/passrec.asp password recovery page may be able to view the administrator password in clear text by opening the source code of above page.

According to the reporter, these vulnerabilities affect firmware versions and running on Netgear model D6000 and D3600. Other models and firmware versions may also be impacted.


A remote unauthenticated attacker may be able to gain administrator access to the device, man-in-the-middle a victim on the network, or decrypt passively captured data.


Apply an update

Netgear has released firmware version on April 20th, 2016 to address these issues. Affected users are encouraged to update the device's firmware as soon as possible. Netgear has also created Knowledgebase articles about these issues; please see the URLs in the References section below.

Affected users might also consider the following workarounds:

Restrict network access

Restrict network access to the Netgear device's system web interface and other devices using open protocols like HTTP. Consult your firewall product's manual for more information.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Netgear, Inc.Affected15 Jan 201501 Jul 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)



  • http://kb.netgear.com/app/answers/detail/a_id/30490
  • http://kb.netgear.com/app/answers/detail/a_id/30560


Thanks to Mandar Jadhav of Qualys for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-8288CVE-2015-8289
  • Date Public:10 Jun 2016
  • Date First Published:10 Jun 2016
  • Date Last Updated:01 Jul 2016
  • Document Revision:40


If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/778696

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-255 Credentials Management
50 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

Os 1
Os 2

Snort® IPS/IDS

Date Description
2016-08-09 Netgear D6000 or D3600 password recovery page access attempt
RuleID : 39444 - Revision : 2 - Type : INDICATOR-COMPROMISE

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-07-01 21:23:48
  • Multiple Updates
2016-06-21 21:38:32
  • Multiple Updates
2016-06-20 09:43:28
  • Multiple Updates
2016-06-14 00:25:21
  • Multiple Updates
2016-06-10 21:24:38
  • Multiple Updates
2016-06-10 17:23:13
  • First insertion