June 10, 2024 at 05:39PM
Researchers at RedFox Security discovered six vulnerabilities in the popular but unsupported Netgear WNR614 N300 router. The vulnerabilities include authentication bypass, weak password policy, plain text password storage, and WPS PIN exposure. With no security updates expected, users are advised to apply mitigations or replace the device with a supported and more secure model.
From the meeting notes, I have gathered that the Netgear WNR614 N300 router has been found to have several vulnerabilities, ranging from authentication bypass and weak password policies to storing passwords in plain text and Wi-Fi Protected Setup (WPS) PIN exposure. The device has reached end-of-life (EoL) and is no longer supported by Netgear, but remains in use due to its popularity and reliability.
The six vulnerabilities are as follows:
– CVE-2024-36787: Allows unauthorized access to the router’s settings, posing a severe threat to network security and sensitive user data.
– CVE-2024-36788: Allows intercepting and accessing sensitive communications between the router and connected devices.
– CVE-2024-36789: Permits creation of weak passwords for the administrator account, leading to unauthorized access and potential data exposure.
– CVE-2024-36790: Stores credentials in plain text, facilitating unauthorized access and data exposure.
– CVE-2024-36792: Allows attackers to gain access to the router’s PIN, leading to potential unauthorized access and manipulation.
– CVE-2024-36795: Provides insecure permissions that heighten the risk of unauthorized network access and control.
The meeting notes also recommend applying mitigations to prevent attacks, such as turning off remote management features, using complex, long passwords, separating the router from critical systems, using HTTPS, turning off WPS, switching to WPA3, and restricting access to the router’s administrative interface.
In conclusion, users still relying on the Netgear WNR614 N300 router are strongly advised to consider replacing it with a model actively supported by its manufacturer to ensure better security.