CVE-2015-8289

Name of the Vulnerable Software and Affected Versions NETGEAR D3600 version 1.0.0.49 NETGEAR D6000 versions 1.0.0.49 and earlier

Description The issue concerns the password-recovery feature, which allows remote attackers to discover the cleartext administrator password by reading the HTML source code of the "cgi-bin/passrec.asp" page.

Recommendations For NETGEAR D3600 version 1.0.0.49, update the firmware to a version that fixes this issue. For NETGEAR D6000 versions 1.0.0.49 and earlier, update the firmware to a version that fixes this issue. As a temporary workaround, consider restricting access to the cgi-bin/passrec.asp page until a patch is available.