Critical severity9.8NVD Advisory· Published Jan 4, 2017· Updated May 6, 2026

CVE-2016-10115

Description

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.

Affected products

Netgear/Arlo Base Station Firmware
cpe:2.3:o:netgear:arlo_base_station_firmware:*:*:*:*:*:*:*:*
Range: <=1.7.5_6178
Netgear/Arlo Q Camera Firmware
cpe:2.3:o:netgear:arlo_q_camera_firmware:*:*:*:*:*:*:*:*
Range: <=1.8.0_5551
Netgear/Arlo Q Plus Camera Firmware
cpe:2.3:o:netgear:arlo_q_plus_camera_firmware:*:*:*:*:*:*:*:*
Range: <=1.8.1_6094

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/nvdThird Party Advisory
kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-VulnerabilitynvdMitigationVendor Advisory
www.securityfocus.com/bid/95265nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000