CVE-2016-11059
CVE-2016-11059 is a high-severity vulnerability in Netgear Ac1450 Firmware with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-200.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v2: 5.0
- EPSS exploit prediction: 1% (61st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-200
- Affected product: Netgear Ac1450 Firmware
- Published:
- Last modified:
Description
Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.
Frequently asked questions
- What is CVE-2016-11059?
- Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.
- How severe is CVE-2016-11059?
- CVE-2016-11059 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2016-11059 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (61st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2016-11059?
- CVE-2016-11059 primarily affects Netgear Ac1450 Firmware. In total, 43 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2016-11059?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2016-11059 published?
- CVE-2016-11059 was published on 2020-04-28 and last updated on 2026-06-17.
References
Affected products (43)
- cpe:2.3:o:netgear:ac1450_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:c6300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d1500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d6200b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d6300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:d6300b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:dgn1000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:dgn2200b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:dgnd3700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:dgnd3700b_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:jnr3300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:jr6100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:jwnr2000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r2000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r6100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r6200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wgr614_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndr4300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wndr4500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnr2000_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Netgear Ac1450 Firmware
- CVE-2017-18848 — High (CVSS 8.8): Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300…
- CVE-2019-17372 — High (CVSS 8.1): Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting…
- CVE-2017-5521 — High (CVSS 8.1): An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250,…
All CVEs affecting Netgear Ac1450 Firmware →
Other CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) vulnerabilities
- CVE-2026-27604 — Critical (CVSS 10.0): FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version…
- CVE-2026-40965 — Critical (CVSS 10.0): Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a…
- CVE-2026-42826 — Critical (CVSS 10.0): Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose…
- CVE-2025-29270 — Critical (CVSS 10.0): Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows…
- CVE-2025-61481 — Critical (CVSS 10.0): An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by…
- CVE-2025-53624 — Critical (CVSS 10.0): The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user.…
Browse all CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) vulnerabilities →