CVE-2015-8288

Vulnerability

The vulnerability affects NETGEAR D3600 devices running firmware version 1.0.0.49 and D6000 devices running firmware version 1.0.0.49 or earlier [1]. The routers' firmware contains a hardcoded RSA private key, as well as a hardcoded X.509 certificate and key [1]. This is a use of hard-coded cryptographic key (CWE-321) that is identical across different customers' installations, allowing an attacker with knowledge of this key to defeat cryptographic protection mechanisms [1][2].

Exploitation

An attacker needs knowledge of the hardcoded cryptographic key, which is publicly obtainable from the firmware or another installation [1]. If the attacker can access the internal network, or if remote management is enabled on the router, they can exploit the vulnerability [2]. The attacker does not require authentication to the device. With the key, the attacker can perform man-in-the-middle attacks, decrypt passively captured network traffic, or impersonate the device's web interface [1][2].

Impact

A successful attack allows a remote unauthenticated attacker to gain administrator access to the device, perform man-in-the-middle attacks against victims on the network, or decrypt previously captured encrypted traffic [1]. This compromises confidentiality and integrity of communications, and can lead to full administrative control of the router [1][2].

Mitigation

NETGEAR released firmware version 1.0.0.59 on April 20, 2016 to address these issues [1][2]. Affected users should update the device's firmware to version 1.0.0.59 or later [2]. As a workaround, restrict network access to the router's web interface and other devices using open protocols like HTTP [1]. There is no indication that this CVE is listed in the Known Exploited Vulnerabilities (KEV) catalog.