CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-8289

The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 72.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 4.3

References

http://kb.netgear.com/app/answers/detail/a_id/30490
http://www.kb.cert.org/vuls/id/778696
http://kb.netgear.com/app/answers/detail/a_id/30490
http://www.kb.cert.org/vuls/id/778696

Products affected by CVE-2015-8289

Netgear » D3600 » Version: N/A

cpe:2.3:h:netgear:d3600:-
Netgear » D6000 » Version: N/A

cpe:2.3:h:netgear:d6000:-
Netgear » D3600 Firmware » Version: 1.0.0.49

cpe:2.3:o:netgear:d3600_firmware:1.0.0.49
Netgear » D6000 Firmware » Version: N/A

cpe:2.3:o:netgear:d6000_firmware:-
Netgear » D6000 Firmware » Version: 1.0.0.49

cpe:2.3:o:netgear:d6000_firmware:1.0.0.49

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8289

Products

Pricing

Contact Us