Sensitive Information Disclosure in NETGEAR D3600 and D6000 Products
CVE-2018-21136

4.6MEDIUM

Key Information:

Vendor: Netgear
Status: D3600 Firmware
Vendor: CVE Published:; 23 April 2020

What is CVE-2018-21136?

Certain NETGEAR modem routers, specifically the D3600 and D6000 models, are vulnerable to a security flaw that allows for the disclosure of sensitive information. This issue affects devices running firmware versions prior to 1.0.0.76, potentially exposing users to unauthorized data access or leakage. The vulnerability underscores the importance of timely firmware updates to safeguard personal and sensitive information from exploitation. For more detailed guidance, refer to the NETGEAR security advisory available on their knowledge base.

References

https://kb.netgear.com/000060224/Security-Advisory-for-Se...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2020
Vulnerability Reserved
Apr 20, 2020

Netgear

What is CVE-2018-21136?

References

CVSS V3.1

Timeline