Security News > 2024 > June > Netgear WNR614 flaws allow device takeover, no fix available
Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses.
An attacker could leverage the vulnerability to intercept and access sensitive communications between the router and the devices connecting to it.
CVE-2024-36790: the router stores credentials in plain text, which makes it easy for an attacker to gain unauthorized access, manipulate the router, and expose sensitive data.
CVE-2024-36792: the implementation of the WPS Wi-Fi feature allows attackers to gain access to the router's PIN. This exposes the router to potential unauthorized access and manipulation.
CVE-2024-36795: insecure permissions that allow attackers to access URLs and directories embedded within the router's firmware.
Since the router has reached EoL, Netgear is not expected to release security updates for the vulnerabilities.