Critical Vulnerabilities In Netgear Routers Let Attackers Bypass Authentication

Security analysis identified multiple vulnerabilities in the Netgear WNR614 JNR1010V2 N300 router (firmware V1.1.0.54_1.0.1) that could allow attackers to bypass authentication and access the router’s administrative interface. 

This is due to improper authentication protocols and weak password management, which could potentially enable unauthorized access, network manipulation, and sensitive data exposure. 

EHA

Since the router model (N300) reached its End-of-Service in 2021, it is highly unlikely that any security patches will be released. 

Improper Authentication

An attacker can exploit a vulnerability in Netgear WNR614 routers (CVE-2024-36788) to steal sensitive information exchanged between the router and connected devices.

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

The vulnerability exists because the router doesn’t set the “HTTPOnly” flag for cookies, allowing attackers with access to steal cookies containing login credentials or other sensitive data through malicious scripts.

To mitigate this risk, users can manually configure the router to use HTTPS or rely on browser features that enforce secure connections. 

Cookie Without HTTPOnly Flag Set

The Netgear WNR614 JNR1010V2/N300 router (firmware V1.1.0.54_1.0.1) suffers from a password policy bypass vulnerability (CVE-2024-36789), which allows attackers to bypass security measures and configure weak passwords, such as single-digit PINs. 

The weakness exposes the router to unauthorized access attempts, potentially compromising network integrity and allowing attackers to manipulate network settings or steal sensitive data. 

Password Policy Bypass

A security vulnerability (CVE-2024-36790) was found in Netgear WNR614 JNR1010V2/N300 routers where WiFi credentials are stored in plaintext within the firmware, which exposes the router to unauthorized access and potential manipulation, which could lead to data breaches. 

According to Red Fox Security, Netgear suggests encrypting stored credentials and implementing more stringent password policies to reduce the risk of this occurrence.   

 Information Disclosure

A vulnerability in Netgear WNR614 JNR1010V2/N300 routers (CVE-2024-36792) exposes the Wi-Fi Protected Setup (WPS) PIN due to improper implementation. 

Attackers may use this PIN to gain unauthorized access to the router’s network settings and potentially manipulate them. 

To mitigate this risk, it is recommended that WPS be disabled and that WPA3 encryption (if supported) be used. Regularly monitoring and disabling WPS when not in use is also advised. 

 Insecure Permissions

Due to a vulnerability known as CVE-2024-36795, attackers can access and potentially exploit sensitive URLs and directories contained within the firmware of Netgear WNR614 JNR1010V2/N300 routers. 

Through this unsecured access, they could gain unauthorized control over the router’s settings, which could also bring sensitive data, such as credentials for mail servers, to light. 

Implementing access controls, encrypting sensitive data, and patching the vulnerability are crucial to mitigating this risk.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo