Lucene search

MitreCVE-2016-10115

HistoryJan 04, 2017 - 8:59 a.m.

CVE-2016-10115

2017-01-0408:59:00

CWE-798

mitre

web.nvd.nist.gov

netgear

arlo

firmware

default password

vulnerability

remote access

factory reset

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.

Affected configurations

Nvd

Node

netgeararlo_base_station_firmwareRange≤1.7.5_6178

AND

netgearvmb30x0Match-

netgearvmk3xx0Match-

netgearvms3xx0Match-

Node

netgeararlo_q_camera_firmwareRange≤1.8.0_5551

AND

netgearvmc3040Match-

Node

netgeararlo_q_plus_camera_firmwareRange≤1.8.1_6094

AND

netgearvmc3040sMatch-

VendorProductVersionCPE
netgeararlo_base_station_firmware*cpe:2.3:o:netgear:arlo_base_station_firmware:*:*:*:*:*:*:*:*
netgearvmb30x0-cpe:2.3:h:netgear:vmb30x0:-:*:*:*:*:*:*:*
netgearvmk3xx0-cpe:2.3:h:netgear:vmk3xx0:-:*:*:*:*:*:*:*
netgearvms3xx0-cpe:2.3:h:netgear:vms3xx0:-:*:*:*:*:*:*:*
netgeararlo_q_camera_firmware*cpe:2.3:o:netgear:arlo_q_camera_firmware:*:*:*:*:*:*:*:*
netgearvmc3040-cpe:2.3:h:netgear:vmc3040:-:*:*:*:*:*:*:*
netgeararlo_q_plus_camera_firmware*cpe:2.3:o:netgear:arlo_q_plus_camera_firmware:*:*:*:*:*:*:*:*
netgearvmc3040s-cpe:2.3:h:netgear:vmc3040s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	arlo_base_station_firmware	*	cpe:2.3:o:netgear:arlo_base_station_firmware::::::::
netgear	vmb30x0	-	cpe:2.3:h:netgear:vmb30x0:-:::::::*
netgear	vmk3xx0	-	cpe:2.3:h:netgear:vmk3xx0:-:::::::*
netgear	vms3xx0	-	cpe:2.3:h:netgear:vms3xx0:-:::::::*
netgear	arlo_q_camera_firmware	*	cpe:2.3:o:netgear:arlo_q_camera_firmware::::::::
netgear	vmc3040	-	cpe:2.3:h:netgear:vmc3040:-:::::::*
netgear	arlo_q_plus_camera_firmware	*	cpe:2.3:o:netgear:arlo_q_plus_camera_firmware::::::::
netgear	vmc3040s	-	cpe:2.3:h:netgear:vmc3040s:-:::::::*

References

blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/

kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability

www.securityfocus.com/bid/95265

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

Related for CVE-2016-10115