Researchers discovered half a dozen vulnerabilities of various severity impacting Netgear WNR614 N300, a budget-friendly router that proved fashionable amongst dwelling customers and small companies.
The system reached end-of-life (EoL) and is now not supported by Netgear however it’s nonetheless current in lots of environments resulting from its reliability, ease of use, and efficiency.
Researchers at RedFox Safety found within the router six vulnerabilities that vary from authentication bypass and weak password coverage to storing passwords in plain textual content and Wi-Fi Protected Setup (WPS) PIN publicity:
CVE-2024-36787: permits an attacker to bypass authentication and entry the executive interface by way of unspecified vectors. The flaw permits unauthorized entry to the router’s settings, posing a extreme risk to community safety and delicate consumer knowledge.
Supply: RedFox
CVE-2024-36788: the router has improper setting of the HTTPOnly flag for cookies. An attacker might leverage the vulnerability to intercept and entry delicate communications between the router and the units connecting to it.
CVE-2024-36789: permits attackers to create passwords that don’t adjust to correct safety requirements and even settle for a single character as a password for the administrator account. This might result in unauthorized entry, community manipulation, and potential knowledge publicity.
CVE-2024-36790: the router shops credentials in plain textual content, which makes it straightforward for an attacker to achieve unauthorized entry, manipulate the router, and expose delicate knowledge.
Supply: RedFox
CVE-2024-36792: the implementation of the WPS Wi-Fi function permits attackers to achieve entry to the router’s PIN. This exposes the router to potential unauthorized entry and manipulation.
Supply: RedFox
CVE-2024-36795: insecure permissions that permit attackers to entry URLs and directories embedded inside the router’s firmware. This heightens the chance of unauthorized community entry and management.
Because the router has reached EoL, Netgear shouldn’t be anticipated to launch safety updates for the vulnerabilities. If changing the system shouldn’t be an choice in the meanwhile, customers are strongly suggested to use mitigatations that would assist stop assaults:
- Flip off distant administration options to scale back the chance of unauthorized entry.
- Use advanced, lengthy passwords and alter them frequently.
- Separate the router from crucial methods inside the community to restrict the affect of any potential breach.
- Make sure the router makes use of HTTPS and use browser settings that implement HTTPS to safe all communications and defend in opposition to interception.
- Flip off WPS to forestall attackers from exploiting this function and gaining unauthorized entry.
- Change to WPA3 for enhanced safety over older protocols.
- Prohibit entry to the router’s administrative interface.
Nonetheless, customers that also depend on Netgear WNR614 ought to think about changing it with a mannequin that’s actively supported by its producer and offers higher safety.
