The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
References
Link | Resource |
---|---|
http://kb.netgear.com/app/answers/detail/a_id/30490 | Vendor Advisory |
http://www.kb.cert.org/vuls/id/778696 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2016-06-20T01:00:00
Updated: 2016-06-20T01:57:01
Reserved: 2015-11-19T00:00:00
Link: CVE-2015-8289
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-06-20T01:59:01.133
Modified: 2016-06-21T22:02:48.737
Link: CVE-2015-8289
JSON object: View
Redhat Information
No data.