Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available
Redfox Security has uncovered a series of critical vulnerabilities in the popular Netgear WNR614 N300 router, exposing users to significant security risks. The vulnerabilities, ranging from authentication bypass to password policy circumvention and insecure storage of sensitive data, could enable attackers to gain unauthorized access to networks and compromise user information.
The security firm identified six vulnerabilities in the Netgear WNR614 JNR1010V2 N300 router running firmware version V1.1.0.54_1.0.1. These vulnerabilities affect core security mechanisms, including authentication, cookie handling, password management, and data storage.
Specifically, attackers could exploit these flaws to bypass authentication, intercept sensitive communications, create weak passwords, access stored credentials in plaintext, expose WPS PINs, and access URLs and directories embedded within the firmware.
- Improper Authentication / Broken Access Control (CVE-2024-36787)
- Cookie Without HTTPOnly / Secure Flag Set (CVE-2024-36788)
- Password Policy Bypass (CVE-2024-36789)
- Password Storage in Plaintext / Incorrect Access Control / Cleartext Storage of Sensitive Information / Information Disclosure (CVE-2024-36790)
- WPS PIN Exposure (CVE-2024-36792)
- Insecure Permissions (CVE-2024-36795)
The Netgear WNR614 N300 router reached its End of Service (EOS) in 2021, meaning it no longer receives security updates or support from the manufacturer. This leaves users with limited options for mitigating the identified vulnerabilities.
Redfox Security recommends disabling remote management, using strong passwords, and implementing network segmentation as temporary measures. However, the most effective solution is to replace the router with a model that is still actively supported and maintained by Netgear.
Given the severity of the vulnerabilities and the widespread use of the Netgear WNR614 router, users are strongly urged to take immediate action. Those who cannot replace their routers should apply the recommended mitigations and remain vigilant for any suspicious activity on their networks.
