Authentication Vulnerability in NETGEAR Arlo Base Stations and Devices
CVE-2016-10116

8.1HIGH

Key Information:

Vendor
Netgear
Status
Arlo Base Station Firmware
Vendor
CVE Published:
4 January 2017

Summary

NETGEAR Arlo devices, including base stations and cameras, are vulnerable due to their use of a predictable pattern in customized passwords. This flaw allows remote attackers to exploit the devices through dictionary attacks, potentially gaining unauthorized access. Affected firmware versions lack adequate defense against brute force attempts, making it crucial for users to change default passwords and apply necessary updates to mitigate security risks.

References

http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Se...
x_refsource_MISC
http://www.securityfocus.com/bid/95266
vdb-entryx_refsource_BID
http://blog.newskysecurity.com/2016/09/brute-force-vulner...
x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.