Multiple Vulnerabilities Plague Discontinued Netgear WNR614 Routers

Redfox Security warns of multiple vulnerabilities in Netgear WNR614 routers discontinued three years ago. The post Multiple Vulnerabilities Plague Discontinued Netgear WNR614 Routers appeared first on SecurityWeek.

Vulnerabilities in discontinued Netgear WNR614 routers allow attackers to bypass authentication, intercept communications, and retrieve credentials, Redfox Security warns.

A total of six flaws were discovered in the Netgear WNR614 N300 router model running the latest available firmware version, 1.1.0.54_1.0.1, which was released in August 2018. The product was discontinued in 2021.

Tracked as CVE-2024-36787, the first issue discovered by Redfox Security allows attackers to bypass the authentication mechanism of the device and access the administrative interface via unspecified vectors.

The weak authentication, the cybersecurity firm notes, allows Base64 credential cracking, exposing both the device and the local network to security risks.

“Poor authentication protocols allowing insecure passwords pose a severe threat to network security, necessitating immediate and decisive action to stop unauthorized access and protect network operations and sensitive data,” Redfox Security warns.

Another issue, the cybersecurity firm says, is that the Netgear WNR614 N300 router fails to properly set the HttpOnly flag for cookies, allowing an attacker to intercept and access sensitive communication between the router and other devices.

The issue, tracked as CVE-2024-36788, can be mitigated by configuring the router to always use HTTPS and by setting browsers to enforce HTTPS connections.
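The cookie-flag weakness and the HTTPS mitigation described above can be checked from the defender's side by auditing the Set-Cookie headers a device's admin interface returns. The following is an added example, not code from Redfox Security or Netgear; the function names and the sample header values are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for missing protective attributes.
# SAMPLE_HEADERS are constructed values, not captured from a WNR614.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        if part:
            # Attribute names are case-insensitive; values (if any) are ignored.
            attrs.add(part.split("=", 1)[0].strip().lower())
    return name, attrs

def audit_cookies(set_cookie_values, scheme):
    """Return (cookie_name, finding) tuples for every weakness found.

    scheme is the scheme of the response that set the cookies: "http" or "https".
    """
    findings = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly: readable by page scripts"))
        if "secure" not in attrs:
            findings.append((name, "missing Secure: also sent over plain HTTP"))
        if scheme == "http":
            findings.append((name, "set over HTTP: visible to on-path observers"))
    return findings

SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",                            # constructed: no flags
    "lang=en; Path=/; HttpOnly; Secure; SameSite=Strict",  # constructed: flagged
]

if __name__ == "__main__":
    for cookie_name, finding in audit_cookies(SAMPLE_HEADERS, "http"):
        print(f"{cookie_name}: {finding}")
```
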

The router was also found to allow users to create weak passwords (CVE-2024-36789) and to store Wi-Fi credentials in plain text (CVE-2024-36790), which exposes it to unauthorized access, manipulation, and data exposure.

Furthermore, Redfox Security discovered a flaw in the WPS implementation in the router that exposes the device’s PIN to attackers (CVE-2024-36792), and insecure permissions that allow attackers to access URLs and directories in the firmware (CVE-2024-36795).

Because the vulnerable product is discontinued, users are advised to disable vulnerable functions and components, enforce strong password policies, periodically rotate passwords, isolate the router from critical network systems, implement access control measures, and use encryption for sensitive data.

“Given that the Netgear WNR614 N300 router has reached its End of Service, it is recommended to replace the router with a model that is actively supported and maintained by the manufacturer,” Redfox Security notes.

CYBERNEWSMEDIA, Publisher