Summary: The content discusses the discovery of multiple vulnerabilities in the Netgear WNR614 N300 router, which is no longer supported by the manufacturer but is still widely used in many environments.
Threat Actor: N/A
Victim: Home users and small businesses
Key Point :
- The Netgear WNR614 N300 router, which has reached end-of-life and is no longer supported, has been found to have six vulnerabilities ranging from authentication bypass to weak password policy.
- These vulnerabilities pose a severe threat to network security and sensitive user data.
- The router’s popularity among home users and small businesses means that many environments may still be using it, despite the lack of support from Netgear.
Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses.
The device reached end-of-life (EoL) and is no longer supported by Netgear but it’s still present in many environments due to its reliability, ease of use, and performance.
Researchers at RedFox Security discovered in the router six vulnerabilities that range from authentication bypass and weak password policy to storing passwords in plain text and Wi-Fi Protected Setup (WPS) PIN exposure:
CVE-2024-36787: allows an attacker to bypass authentication and access the administrative interface via unspecified vectors. The flaw enables unauthorized access to the router’s settings, posing a severe threat to network security and sensitive user data.
Source: RedFox
CVE-2024-36788: the router has improper setting of the HTTPOnly flag for cookies. An attacker could leverage the vulnerability to intercept and access sensitive communications between the router and the devices connecting to it.
CVE-2024-36789: allows attackers to create passwords that do not comply with proper security standards and even accept a single character as a password for the administrator account. This could lead to unauthorized access, network manipulation, and potential data exposure.
CVE-2024-36790: the router stores credentials in plain text, which makes it easy for an attacker to gain unauthorized access, manipulate the router, and expose sensitive data.
Source: RedFox
CVE-2024-36792: the implementation of the WPS Wi-Fi feature allows attackers to gain access to the router’s PIN. This exposes the router to potential unauthorized access and manipulation.
Source: RedFox
CVE-2024-36795: insecure permissions that allow attackers to access URLs and directories embedded within the router’s firmware. This heightens the risk of unauthorized network access and control.
Since the router has reached EoL, Netgear is not expected to release security updates for the vulnerabilities. If replacing the device is not an option at the moment, users are strongly advised to apply mitigatations that could help prevent attacks:
- Turn off remote management features to reduce the risk of unauthorized access.
- Use complex, long passwords and change them regularly.
- Separate the router from critical systems within the network to limit the impact of any potential breach.
- Ensure the router uses HTTPS and use browser settings that enforce HTTPS to secure all communications and protect against interception.
- Turn off WPS to prevent attackers from exploiting this feature and gaining unauthorized access.
- Switch to WPA3 for enhanced security over older protocols.
- Restrict access to the router’s administrative interface.
However, users that still rely on Netgear WNR614 should consider replacing it with a model that is actively supported by its manufacturer and provides better security.
“An interesting youtube video that may be related to the article above”