Security analysis has unveiled several vulnerabilities in the Netgear WNR614 JNR1010V2 N300 router, firmware V1.1.0.54_1.0.1, raising concerns about potential exploitation. These vulnerabilities, including improper authentication protocols and weak password management, could permit attackers to circumvent authentication and access the router’s administrative interface, posing significant risks to network security. Despite the router model reaching its End-of-Service in 2021, the absence of security patches heightens the urgency for users to address these vulnerabilities proactively.
One vulnerability (CVE-2024-36788) enables attackers to intercept sensitive information exchanged between the router and connected devices due to the absence of the “HTTPOnly” flag for cookies. This flaw allows attackers to steal login credentials or sensitive data via malicious scripts, highlighting the importance of configuring routers to use HTTPS or enforcing secure connections through browser features. Another vulnerability (CVE-2024-36789) permits attackers to bypass password policies and configure weak passwords, potentially compromising network integrity and facilitating unauthorized access.
Furthermore, the exposure of WiFi credentials in plaintext within the firmware (CVE-2024-36790) poses a significant risk, potentially leading to unauthorized access and data breaches. Netgear advises implementing encryption for stored credentials and enforcing stringent password policies to mitigate this vulnerability effectively. Additionally, an insecure implementation of Wi-Fi Protected Setup (WPS) PIN (CVE-2024-36792) could allow attackers to gain unauthorized access to network settings, necessitating the disabling of WPS and the use of WPA3 encryption for enhanced security.
Lastly, vulnerabilities such as CVE-2024-36795 enable attackers to access sensitive URLs and directories within the router’s firmware, potentially leading to unauthorized control over router settings and the exposure of credentials for mail servers. To address these vulnerabilities, users are advised to implement access controls, encrypt sensitive data, and promptly patch their devices to reduce the risk of exploitation. These proactive measures are essential for safeguarding network infrastructure and mitigating potential security breaches.
Reference:
