CVE-2016-10115

Name of the Vulnerable Software and Affected Versions NETGEAR Arlo base stations versions 1.7.5 6178 and earlier NETGEAR Arlo Q devices versions 1.8.0 5551 and earlier NETGEAR Arlo Q Plus devices versions 1.8.1 6094 and earlier

Description The issue is related to the use of predefined credentials, specifically a default password 12345678, in the firmware of NETGEAR Arlo base stations and wireless cameras, including NETGEAR Arlo Q and NETGEAR Arlo Q Plus. This allows a remote attacker to gain access to the device, particularly after a factory reset or when the device is in its factory configuration.

Recommendations For NETGEAR Arlo base stations versions 1.7.5 6178 and earlier, update the firmware to a version later than 1.7.5 6178 to change the default password. For NETGEAR Arlo Q devices versions 1.8.0 5551 and earlier, update the firmware to a version later than 1.8.0 5551 to change the default password. For NETGEAR Arlo Q Plus devices versions 1.8.1 6094 and earlier, update the firmware to a version later than 1.8.1 6094 to change the default password. As a temporary workaround, consider changing the default password 12345678 to a strong, unique password until a firmware update is available.