Details of VAR-201701-0496

ID

VAR-201701-0496

CVE

CVE-2016-10115

TITLE

plural NETGEAR Arlo Vulnerability to obtain access rights in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-006593

DESCRIPTION

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. NETGEARArlobasestations and so on are products of NETGEAR. ArloQcameras and ArloQPluscameras are wireless webcam devices; Arlobasestations is a base station used by ArloQcameras and ArloQPluscameras. This may lead to further attacks. Arlo Q cameras and Arlo Q Plus cameras are wireless network camera devices; Arlo base stations are a base station used by Arlo Q cameras and Arlo Q Plus cameras

Trust: 2.52

sources: NVD: CVE-2016-10115 // JVNDB: JVNDB-2016-006593 // CNVD: CNVD-2017-00165 // BID: 95265 // VULHUB: VHN-88859

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-00165

AFFECTED PRODUCTS

vendor:	netgear	model:	arlo q camera	scope:	lte	version:	1.8.0_5551	Trust: 1.0
vendor:	netgear	model:	arlo base station	scope:	lte	version:	1.7.5_6178	Trust: 1.0
vendor:	netgear	model:	arlo q plus camera	scope:	lte	version:	1.8.1_6094	Trust: 1.0
vendor:	netgear	model:	arlo q plus 1.8.1 6094	scope:	-	version:	-	Trust: 0.9
vendor:	netgear	model:	arlo q 1.8.0 5551	scope:	-	version:	-	Trust: 0.9
vendor:	netgear	model:	arlo base station 1.7.5 6178	scope:	-	version:	-	Trust: 0.9
vendor:	net gear	model:	arlo q plus	scope:	lte	version:	1.8.1_6094	Trust: 0.8
vendor:	net gear	model:	arlo q	scope:	lte	version:	1.8.0_5551	Trust: 0.8
vendor:	net gear	model:	arlo base station	scope:	lte	version:	1.7.5_6178	Trust: 0.8
vendor:	net gear	model:	vmb30x0	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	vmc3040	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	vmc3040s	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	vmk3xx0	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	vms3xx0	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	arlo q camera	scope:	eq	version:	1.8.0_5551	Trust: 0.6
vendor:	netgear	model:	arlo base station	scope:	eq	version:	1.7.5_6178	Trust: 0.6
vendor:	netgear	model:	arlo q plus camera	scope:	eq	version:	1.8.1_6094	Trust: 0.6

sources: CNVD: CNVD-2017-00165 // BID: 95265 // JVNDB: JVNDB-2016-006593 // CNNVD: CNNVD-201701-015 // NVD: CVE-2016-10115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-10115
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-10115
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-00165
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201701-015
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-88859
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-10115
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-00165
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-88859
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-10115
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-00165 // VULHUB: VHN-88859 // JVNDB: JVNDB-2016-006593 // CNNVD: CNNVD-201701-015 // NVD: CVE-2016-10115

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-88859 // JVNDB: JVNDB-2016-006593 // NVD: CVE-2016-10115

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-015

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201701-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006593

PATCH

title:	Arlo WiFi Default Password Security Vulnerability	url:	http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability	Trust: 0.8
title:	Patches for multiple NETGEAR device permissions to obtain vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/87577	Trust: 0.6
title:	Multiple NETGEAR Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66761	Trust: 0.6

sources: CNVD: CNVD-2017-00165 // JVNDB: JVNDB-2016-006593 // CNNVD: CNNVD-201701-015

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10115	Trust: 3.4
db:	BID	id:	95265	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-006593	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-015	Trust: 0.7
db:	CNVD	id:	CNVD-2017-00165	Trust: 0.6
db:	VULHUB	id:	VHN-88859	Trust: 0.1

sources: CNVD: CNVD-2017-00165 // VULHUB: VHN-88859 // BID: 95265 // JVNDB: JVNDB-2016-006593 // CNNVD: CNNVD-201701-015 // NVD: CVE-2016-10115

REFERENCES

url:	http://blog.newskysecurity.com/2016/09/factory_reset_vuln_in_netgear_arlo/	Trust: 3.4
url:	http://kb.netgear.com/30731/arlo-wifi-default-password-security-vulnerability	Trust: 2.0
url:	http://www.securityfocus.com/bid/95265	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10115	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10115	Trust: 0.8
url:	http://www.netgear.com	Trust: 0.3

sources: CNVD: CNVD-2017-00165 // VULHUB: VHN-88859 // BID: 95265 // JVNDB: JVNDB-2016-006593 // CNNVD: CNNVD-201701-015 // NVD: CVE-2016-10115

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 95265

SOURCES

db:	CNVD	id:	CNVD-2017-00165
db:	VULHUB	id:	VHN-88859
db:	BID	id:	95265
db:	JVNDB	id:	JVNDB-2016-006593
db:	CNNVD	id:	CNNVD-201701-015
db:	NVD	id:	CVE-2016-10115

LAST UPDATE DATE

2025-04-13T23:37:27.447000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-00165	date:	2017-01-06T00:00:00
db:	VULHUB	id:	VHN-88859	date:	2017-01-11T00:00:00
db:	BID	id:	95265	date:	2017-01-12T01:09:00
db:	JVNDB	id:	JVNDB-2016-006593	date:	2017-01-13T00:00:00
db:	CNNVD	id:	CNNVD-201701-015	date:	2017-01-05T00:00:00
db:	NVD	id:	CVE-2016-10115	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-00165	date:	2017-01-06T00:00:00
db:	VULHUB	id:	VHN-88859	date:	2017-01-04T00:00:00
db:	BID	id:	95265	date:	2017-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-006593	date:	2017-01-13T00:00:00
db:	CNNVD	id:	CNNVD-201701-015	date:	2017-01-05T00:00:00
db:	NVD	id:	CVE-2016-10115	date:	2017-01-04T08:59:00.147