CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
80.0%
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.
Vendor | Product | Version | CPE |
---|---|---|---|
netgear | arlo_base_station_firmware | * | cpe:2.3:o:netgear:arlo_base_station_firmware:*:*:*:*:*:*:*:* |
netgear | vmb30x0 | - | cpe:2.3:h:netgear:vmb30x0:-:*:*:*:*:*:*:* |
netgear | vmk3xx0 | - | cpe:2.3:h:netgear:vmk3xx0:-:*:*:*:*:*:*:* |
netgear | vms3xx0 | - | cpe:2.3:h:netgear:vms3xx0:-:*:*:*:*:*:*:* |
netgear | arlo_q_camera_firmware | * | cpe:2.3:o:netgear:arlo_q_camera_firmware:*:*:*:*:*:*:*:* |
netgear | vmc3040 | - | cpe:2.3:h:netgear:vmc3040:-:*:*:*:*:*:*:* |
netgear | arlo_q_plus_camera_firmware | * | cpe:2.3:o:netgear:arlo_q_plus_camera_firmware:*:*:*:*:*:*:*:* |
netgear | vmc3040s | - | cpe:2.3:h:netgear:vmc3040s:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
80.0%