High severity8.1NVD Advisory· Published Jan 4, 2017· Updated May 6, 2026

CVE-2016-10116

Description

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack.

Affected products

Netgear/Arlo Base Station Firmware
cpe:2.3:o:netgear:arlo_base_station_firmware:*:*:*:*:*:*:*:*
Range: <=1.7.5_6178
Netgear/Arlo Q Camera Firmware
cpe:2.3:o:netgear:arlo_q_camera_firmware:*:*:*:*:*:*:*:*
Range: <=1.8.0_5551
Netgear/Arlo Q Plus Camera Firmware
cpe:2.3:o:netgear:arlo_q_plus_camera_firmware:*:*:*:*:*:*:*:*
Range: <=1.8.1_6094

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.newskysecurity.com/2016/09/brute-force-vulnerability-netgear-arlo/nvdThird Party Advisory
kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-VulnerabilitynvdMitigationVendor Advisory
www.securityfocus.com/bid/95266nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000