CVE-2016-11059

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:ac1450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac1450:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:c6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:c6300:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:d1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d1500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:d500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:d6200b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6200b:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:d6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:d6300b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6300b:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:dgn1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn1000:v3:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200:v1:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200:v3:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200:v4:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200b:v3:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgn2200b:v4:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:dgnd3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgnd3700:v1:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:dgnd3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgnd3700:v2:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netgear:dgnd3700b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:dgnd3700b:v2:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jnr1010:v1:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netgear:jnr3300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:netgear:jr6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jr6100:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jwnr2000:v5:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:netgear:r2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:netgear:r6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6200:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:netgear:r6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6200:v2:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6300:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:netgear:wgr614_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wgr614:v10:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3400:v2:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3700:v3:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3700:v4:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND

cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4300:v2:*:*:*:*:*:*:*

Configuration 49 (hide)

AND

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v1:*:*:*:*:*:*:*

Configuration 50 (hide)

AND

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v2:*:*:*:*:*:*:*

Configuration 51 (hide)

AND

cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wndr4500:v3:*:*:*:*:*:*:*

Configuration 52 (hide)

AND

cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000:v2:*:*:*:*:*:*:*

Configuration 53 (hide)

AND

cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000:v3:*:*:*:*:*:*:*

Configuration 54 (hide)

AND

cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*

Configuration 55 (hide)

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v3:*:*:*:*:*:*:*

Configuration 56 (hide)

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v4:*:*:*:*:*:*:*

Configuration 57 (hide)

AND

cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2000:v5:*:*:*:*:*:*:*

Configuration 58 (hide)

AND

cpe:2.3:o:netgear:wnr2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*

Configuration 59 (hide)

AND

cpe:2.3:o:netgear:wnr2500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2500:-:*:*:*:*:*:*:*

Configuration 60 (hide)

AND

cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-28 17:15

Updated : 2024-02-04 21:00

NVD link : CVE-2016-11059

Mitre link : CVE-2016-11059

CVE.ORG link : CVE-2016-11059

JSON object : View

Products Affected

netgear

r6700_firmware
wnr2200
jnr1010
d6100
r7000
dgn1000_firmware
d6300
jr6150
wnr2000
r6200_firmware
wgr614_firmware
r8000_firmware
r7500_firmware
wndr3400
dgnd3700b
r6220
wndr3700
dgn2200
jwnr2000_firmware
d6200_firmware
r6200
wndr4500_firmware
wnr1000
r6700
r2000_firmware
wndr4300
wndr4500
r6300_firmware
r6050_firmware
wndr3400_firmware
dgn2200b
jr6100_firmware
d3600
d3600_firmware
d500
wnr2000_firmware
wnr1000_firmware
r6100_firmware
r6220_firmware
dgn2200_firmware
jwnr2000
wndr3700_firmware
d6200
r7900_firmware
d1500
dgn2200b_firmware
c6300
d6300_firmware
r7500
r7900
wndr4300_firmware
r6250_firmware
d6300b_firmware
d6000_firmware
jr6100
wnr2200_firmware
jnr3300_firmware
wnr2500
r7000_firmware
r6300
d6100_firmware
d6000
r2000
r6100
wnr3500l_firmware
ac1450_firmware
ac1450
d1500_firmware
c6300_firmware
d6200b
wnr3500l
r6250
jnr3300
wgr614
jnr1010_firmware
dgn1000
d6300b
wnr2500_firmware
dgnd3700_firmware
r8000
d500_firmware
jr6150_firmware
d6200b_firmware
dgnd3700b_firmware
dgnd3700
r6050

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2016-11059

7.5^/10

5.0^/10

Attach tags to `CVE-2016-11059`