Netgear WNR614 flaws allow device takeover, no fix available
Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses.
The device reached end-of-life (EoL) and is no longer supported by Netgear but it's still present in many environments due to its reliability, ease of use, and performance.
Researchers at RedFox Security discovered in the router six vulnerabilities that range from authentication bypass and weak password policy to storing passwords in plain text and Wi-Fi Protected Setup (WPS) PIN exposure:
CVE-2024-36787: allows an attacker to bypass authentication and access the administrative interface via unspecified vectors. The flaw enables unauthorized access to the router's settings, posing a severe threat to network security and sensitive user data.
CVE-2024-36788: the router has improper setting of the HTTPOnly flag for cookies. An attacker could leverage the vulnerability to intercept and access sensitive communications between the router and the devices connecting to it.
CVE-2024-36789: allows attackers to create passwords that do not comply with proper security standards and even accept a single character as a password for the administrator account. This could lead to unauthorized access, network manipulation, and potential data exposure.
CVE-2024-36790: the router stores credentials in plain text, which makes it easy for an attacker to gain unauthorized access, manipulate the router, and expose sensitive data.
CVE-2024-36792: the implementation of the WPS Wi-Fi feature allows attackers to gain access to the router's PIN. This exposes the router to potential unauthorized access and manipulation.
CVE-2024-36795: insecure permissions that allow attackers to access URLs and directories embedded within the router's firmware. This heightens the risk of unauthorized network access and control.
Since the router has reached EoL, Netgear is not expected to release security updates for the vulnerabilities. If replacing the device is not an option at the moment, users are strongly advised to apply mitigatations that could help prevent attacks:
- Turn off remote management features to reduce the risk of unauthorized access.
- Use complex, long passwords and change them regularly.
- Separate the router from critical systems within the network to limit the impact of any potential breach.
- Ensure the router uses HTTPS and use browser settings that enforce HTTPS to secure all communications and protect against interception.
- Turn off WPS to prevent attackers from exploiting this feature and gaining unauthorized access.
- Switch to WPA3 for enhanced security over older protocols.
- Restrict access to the router's administrative interface.
However, users that still rely on Netgear WNR614 should consider replacing it with a model that is actively supported by its manufacturer and provides better security.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024