Security News > 2024 > June > Netgear WNR614 flaws allow device takeover, no fix available

Netgear WNR614 flaws allow device takeover, no fix available
2024-06-10 21:38

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses.

An attacker could leverage the vulnerability to intercept and access sensitive communications between the router and the devices connecting to it.

CVE-2024-36790: the router stores credentials in plain text, which makes it easy for an attacker to gain unauthorized access, manipulate the router, and expose sensitive data.

CVE-2024-36792: the implementation of the WPS Wi-Fi feature allows attackers to gain access to the router's PIN. This exposes the router to potential unauthorized access and manipulation.

CVE-2024-36795: insecure permissions that allow attackers to access URLs and directories embedded within the router's firmware.

Since the router has reached EoL, Netgear is not expected to release security updates for the vulnerabilities.


News URL

https://www.bleepingcomputer.com/news/security/netgear-wnr614-flaws-allow-device-takeover-no-fix-available/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Netgear 502 8 474 462 149 1093