Multiple Vulnerabilities Plague Discontinued Netgear WNR614 Routers

Multiple Vulnerabilities Plague Discontinued Netgear WNR614 Routers

June 11, 2024 at 09:52AM

Redfox Security warns of six vulnerabilities in discontinued Netgear WNR614 N300 routers, including weak authentication allowing unauthorized access, lack of HTTPOnly cookie flag setting, weak password creation, plain text storage of Wi-Fi credentials, exposed WPS PIN and insecure firmware permissions. Users are advised to disable vulnerable functions, enforce strong passwords, isolate the router, and replace it with an actively supported model.

Based on the meeting notes, the key takeaways are:

– Redfox Security identified six vulnerabilities in the discontinued Netgear WNR614 N300 router model running firmware version 1.1.0.54_1.0.1, which was released in August 2018.
– These vulnerabilities include bypassing authentication, intercepting communication, retrieving credentials, weak password creation, storing Wi-Fi credentials in plain text, and flaws in the WPS implementation.
– To mitigate these issues, it is recommended to disable vulnerable functions and components, enforce strong password policies, periodically rotate passwords, isolate the router from critical network systems, implement access control measures, and use encryption for sensitive data.
– With the product being discontinued, users are advised to replace the router with a model actively supported and maintained by the manufacturer to ensure better security.

Let me know if there is anything else you’d like to add or modify.

Full Article