Security News > 2024 > June > Netgear WNR614 flaws allow device takeover, no fix available
Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses.
An attacker could leverage the vulnerability to intercept and access sensitive communications between the router and the devices connecting to it.
CVE-2024-36790: the router stores credentials in plain text, which makes it easy for an attacker to gain unauthorized access, manipulate the router, and expose sensitive data.
CVE-2024-36792: the implementation of the WPS Wi-Fi feature allows attackers to gain access to the router's PIN. This exposes the router to potential unauthorized access and manipulation.
CVE-2024-36795: insecure permissions that allow attackers to access URLs and directories embedded within the router's firmware.
Since the router has reached EoL, Netgear is not expected to release security updates for the vulnerabilities.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-07 | CVE-2024-36792 | Unspecified vulnerability in Netgear Wnr614 Firmware 1.1.0.541.0.1 An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. | 0.0 |
| 2024-06-07 | CVE-2024-36790 | Unspecified vulnerability in Netgear Wnr614 Firmware 1.1.0.541.0.1 Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. | 0.0 |
| 2024-06-06 | CVE-2024-36795 | Unspecified vulnerability in Netgear Wnr614 Firmware 1.1.0.541.0.1 Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. | 0.0 |