Netgear WNR614 flaws allow device takeover, no fix available

2024-06-10 21:38

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses.

An attacker could leverage the vulnerability to intercept and access sensitive communications between the router and the devices connecting to it.

CVE-2024-36790: the router stores credentials in plain text, which makes it easy for an attacker to gain unauthorized access, manipulate the router, and expose sensitive data.

CVE-2024-36792: the implementation of the WPS Wi-Fi feature allows attackers to gain access to the router's PIN. This exposes the router to potential unauthorized access and manipulation.

CVE-2024-36795: insecure permissions that allow attackers to access URLs and directories embedded within the router's firmware.

Since the router has reached EoL, Netgear is not expected to release security updates for the vulnerabilities.

News URL

https://www.bleepingcomputer.com/news/security/netgear-wnr614-flaws-allow-device-takeover-no-fix-available/

#netgear #takeover #CVE-2024-36790 #CVE-2024-36792 #CVE-2024-36795

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE
2024-06-07	CVE-2024-36792	An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.
2024-06-07	CVE-2024-36790	Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.
2024-06-06	CVE-2024-36795	Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Netgear		756	222	618	156	90	1086