
Multiple NETGEAR WNR614 JNR1010V2/N300 Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-36795 CVSS:7.5

Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to bypass security restrictions, caused by insecure permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to access URLs and directories embedded within the firmware.

CVE-2024-36792 CVSS:7.5

Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to bypass security restrictions, caused by an issue in the implementation of WPS. By sending a specially crafted request, an attacker could exploit this vulnerability to gain access to the router's PIN.

CVE-2024-36790 CVSS:7.5

Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to obtain sensitive information, caused by storing credentials in plaintext. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-36789 CVSS:5.3

Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to create passwords that do not conform to defined security standards.

CVE-2024-36788 CVSS:7.5

Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to obtain sensitive information, caused by failing to set the HttpOnly flag for cookies. By sending a specially crafted request, a remote attacker could exploit this vulnerability to intercept and access sensitive communications between the router and connected devices.

CVE-2024-36787 CVSS:7.5

Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and access the administrative interface.
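For the cookie issue in CVE-2024-36788, the following added example (not part of the original advisory and not vendor code) audits the `Set-Cookie` headers of a saved HTTP response for a missing HttpOnly flag. It also checks the Secure flag, which goes beyond what the advisory describes; the cookie names and the response are constructed sample data, not output from a NETGEAR device.

```python
# Added example: flag cookies whose Set-Cookie header lacks HttpOnly (and Secure).
# SAMPLE_RESPONSE_HEADERS is constructed test data, not a capture from a real router.

SAMPLE_RESPONSE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_id=4f2a9c; Path=/
Set-Cookie: lang=en; Path=/; HttpOnly; Secure
set-cookie: auth_token=deadbeef; path=/; secure
"""

# Attribute names are compared case-insensitively, as browsers do.
REQUIRED_FLAGS = ("httponly", "secure")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, {attribute_lowercase: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(raw_headers, required=REQUIRED_FLAGS):
    """Return {cookie_name: [missing flags]} for cookies missing any required flag."""
    findings = {}
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        # Skip the status line, other headers, and empty Set-Cookie values.
        if not sep or header.strip().lower() != "set-cookie" or not value.strip():
            continue
        name, attrs = parse_set_cookie(value)
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_RESPONSE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```
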

Impact

  • Security Bypass
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-36795
  • CVE-2024-36792
  • CVE-2024-36790
  • CVE-2024-36789
  • CVE-2024-36788
  • CVE-2024-36787

Affected Vendors

NETGEAR

Affected Products

  • NETGEAR WNR614 JNR1010V2/N300 1.1.0.54_1.0.1

Remediation

Refer to the NETGEAR website for patch, upgrade, or suggested workaround information.

NETGEAR Website