Qualys security researcher Mandar Jadhav has discovered two serious vulnerabilities in Netgear D6000 and D3600 modem routers, which can be exploited to gain access to the devices and to intercept traffic passing through them.
The vulnerabilities reside in the devices’ firmware, versions 220.127.116.11 and 18.104.22.168.
The first one (CVE-2015-8288) is due to the firmware containing a hard-coded RSA private key and a hard-coded X.509 certificate and key. An attacker that discovers this information can misuse it to gain administrator access to the device, implement man-in-the-middle attacks, or decrypt passively captured packets.
Original Source: Help Net Security
View the full story here.