CVE-2016-11059 - Vulnerability Details

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00322.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:netgear:ac1450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac1450:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:c6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:c6300:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:d1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d1500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:d500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d500:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:d6200b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6200b:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:d6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6300:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:d6300b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6300b:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:dgn1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn1000:v3:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200:v1:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200:v3:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200b:v3:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netgear:dgnd3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgnd3700:v1:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netgear:dgnd3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgnd3700:v2:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:netgear:dgnd3700b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgnd3700b:v2:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jnr1010:v1:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:netgear:jnr3300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:netgear:jr6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jr6100:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jwnr2000:v5:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:netgear:r2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:netgear:r6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6200:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:netgear:r6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6200:v2:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6300:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:netgear:wgr614_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wgr614:v10:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3400:v2:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3700:v3:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v1:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v2:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000:v2:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000:v3:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v3:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v4:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:netgear:wnr2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:netgear:wnr2500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Netgear Subscribe	Ac1450 Subscribe Ac1450 Firmware Subscribe C6300 Subscribe C6300 Firmware Subscribe D1500 Subscribe D1500 Firmware Subscribe D3600 Subscribe D3600 Firmware Subscribe D500 Subscribe D500 Firmware Subscribe D6000 Subscribe D6000 Firmware Subscribe D6100 Subscribe D6100 Firmware Subscribe D6200 Subscribe D6200 Firmware Subscribe D6200b Subscribe D6200b Firmware Subscribe D6300 Subscribe D6300 Firmware Subscribe D6300b Subscribe D6300b Firmware Subscribe Dgn1000 Subscribe Dgn1000 Firmware Subscribe Dgn2200 Subscribe Dgn2200 Firmware Subscribe Dgn2200b Subscribe Dgn2200b Firmware Subscribe Dgnd3700 Subscribe Dgnd3700 Firmware Subscribe Dgnd3700b Subscribe Dgnd3700b Firmware Subscribe Jnr1010 Subscribe Jnr1010 Firmware Subscribe Jnr3300 Subscribe Jnr3300 Firmware Subscribe Jr6100 Subscribe Jr6100 Firmware Subscribe Jr6150 Subscribe Jr6150 Firmware Subscribe Jwnr2000 Subscribe Jwnr2000 Firmware Subscribe R2000 Subscribe R2000 Firmware Subscribe R6050 Subscribe R6050 Firmware Subscribe R6100 Subscribe R6100 Firmware Subscribe R6200 Subscribe R6200 Firmware Subscribe R6220 Subscribe R6220 Firmware Subscribe R6250 Subscribe R6250 Firmware Subscribe R6300 Subscribe R6300 Firmware Subscribe R6700 Subscribe R6700 Firmware Subscribe R7000 Subscribe R7000 Firmware Subscribe R7500 Subscribe R7500 Firmware Subscribe R7900 Subscribe R7900 Firmware Subscribe R8000 Subscribe R8000 Firmware Subscribe Wgr614 Subscribe Wgr614 Firmware Subscribe Wndr3400 Subscribe Wndr3400 Firmware Subscribe Wndr3700 Subscribe Wndr3700 Firmware Subscribe Wndr4300 Subscribe Wndr4300 Firmware Subscribe Wndr4500 Subscribe Wndr4500 Firmware Subscribe Wnr1000 Subscribe Wnr1000 Firmware Subscribe Wnr2000 Subscribe Wnr2000 Firmware Subscribe Wnr2200 Subscribe Wnr2200 Firmware Subscribe Wnr2500 Subscribe Wnr2500 Firmware Subscribe Wnr3500l Subscribe Wnr3500l Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2016-2048	Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-28T16:20:22

Updated: 2024-08-06T03:47:34.858Z

Reserved: 2020-04-27T00:00:00

Link: CVE-2016-11059

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-28T17:15:12.460

Modified: 2024-11-21T02:45:24.220

Link: CVE-2016-11059

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-200

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object