PT-2017-7742 · NetGear · Netgear Arlo Q+2
Published
2017-01-04
·
Updated
2017-01-11
·
CVE-2016-10116
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
NETGEAR Arlo base stations versions 1.7.5 6178 and earlier
NETGEAR Arlo Q devices versions 1.8.0 5551 and earlier
NETGEAR Arlo Q Plus devices versions 1.8.1 6094 and earlier
Description
The issue allows remote attackers to obtain access via a dictionary attack because the customized password uses a predictable pattern of adjective, noun, and three-digit number.
Recommendations
For NETGEAR Arlo base stations versions 1.7.5 6178 and earlier, update the firmware to a version later than 1.7.5 6178.
For NETGEAR Arlo Q devices versions 1.8.0 5551 and earlier, update the firmware to a version later than 1.8.0 5551.
For NETGEAR Arlo Q Plus devices versions 1.8.1 6094 and earlier, update the firmware to a version later than 1.8.1 6094.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Arlo Q
Netgear Arlo Q Plus
Netgear Arlo Base Stations