CVE-2016-11059
Description
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Password exposure vulnerability in many NETGEAR devices allows unauthenticated information disclosure when remote management is enabled.
Vulnerability
Certain NETGEAR routers and gateways expose sensitive information when remote management is enabled. The vulnerability affects a wide range of models including AC1450, C6300, D500, D1500, D3600, D6000, D6100, D6200, D6200B, D6300B, D6300, DGN1000v3, DGN2200v1, DGN2200v3, DGN2200V4, DGN2200Bv3, DGN2200Bv4, DGND3700v1, DGND3700v2, DGND3700Bv2, JNR1010v1, JNR1010v2, JNR3300, JR6100, JR6150, JWNR2000v5, R2000, R6050, R6100, R6200, R6200v2, R6220, R6250, R6300, R6300v2, R6700, R7000, R7900, R7500, R8000, WGR614v10, WNR1000v2, WNR1000v3, WNR1000v4, WNR2000v3, WNR2000v4, WNR2000v5, WNR2200, WNR2500, WNR3500Lv2, WNDR3400v2, WNDR3400v3, WNDR3700v3, WNDR3700v4, WNDR3700v5, WNDR4300, WNDR4300v2, WNDR4500v1, WNDR4500v2, and WNDR4500v3 running firmware prior to 2017-01-06. The vulnerability stems from a lack of authentication on a specific request when remote management is enabled [1].
Exploitation
An attacker needs only network access to the device's WAN or LAN interface, and the device must have remote management enabled (it is disabled by default). By sending a crafted, unauthenticated HTTP request to the device, the attacker can retrieve configuration data that includes the administrator password, device serial number, wireless network SSID and password, and information about connected clients [1].
Impact
Successful exploitation results in disclosure of the administrator password and other sensitive device information, potentially allowing the attacker to assume administrative control, modify settings, or access the internal network. This is a severe information disclosure vulnerability that compromises both confidentiality and integrity [1].
Mitigation
NETGEAR has released firmware updates, with a build date after 2017-01-06, for all affected devices. Users should update to the latest firmware available from NETGEAR's support site. As a workaround, ensure remote management is disabled (the default setting) and that WiFi security is enabled. Users can register their devices for future security notifications [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
NETGEAR/NETGEAR devices
Patches
No patches discovered yet.
References