1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Netgear removes crypto keys hard-coded in routers

Discussion in 'Help Net Security' started by RSS, Jun 14, 2016.

  1. RSS

    RSS New Member Member

    Qualys security researcher Mandar Jadhav has discovered two serious vulnerabilities in Netgear D6000 and D3600 modem routers, which can be exploited to gain access to the devices and to intercept traffic passing through them. The vulnerabilities reside in the devices’ firmware, versions 1.0.0.47 and 1.0.0.49. The first one (CVE-2015-8288) is due to the firmware containing a hard-coded RSA private key and a hard-coded X.509 certificate and key. An attacker that discovers this information can misuse … More →

    Continue reading...
     

Share This Page