CVE-2015-8289
published 2016-06-20CVE-2015-8289: The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | d3600_firmware | — | — |
| netgear | d6000_firmware | <= 1.0.0.49 | — |