

CrySIS aka Dharma Ransomware – Active IOCs
June 11, 2024
APT Group Gamaredon aka Shuckworm – Active IOCs
June 11, 2024
Severity
High
Analysis Summary
CVE-2024-36795 CVSS:7.5
Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to bypass security restrictions, caused by insecure permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to access URLs and directories embedded within the firmware.
CVE-2024-36792 CVSS:7.5
Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to bypass security restrictions, caused by an issue in the WPS implementation. By sending a specially crafted request, an attacker could exploit this vulnerability to gain access to the router's PIN.
CVE-2024-36790 CVSS:7.5
Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to obtain sensitive information, caused by storing credentials in plaintext. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-36789 CVSS:5.3
Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to create passwords that do not conform to defined security standards.
CVE-2024-36788 CVSS:7.5
Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to obtain sensitive information, caused by failing to set the HTTPOnly flag for cookies. By sending a specially crafted request, a remote attacker could exploit this vulnerability to intercept and access sensitive communications between the router and connected devices.
CVE-2024-36787 CVSS:7.5
Netgear WNR614 JNR1010V2/N300 could allow a remote attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and access the administrative interface.
Impact
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-36795
- CVE-2024-36792
- CVE-2024-36790
- CVE-2024-36789
- CVE-2024-36788
- CVE-2024-36787
Affected Vendors
Affected Products
- NETGEAR WNR614 JNR1010V2/N300 1.1.0.54_1.0.1
Remediation
Refer to the NETGEAR website for patch, upgrade, or suggested workaround information.
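
To check for the missing HTTPOnly flag described under CVE-2024-36788, for example after applying a firmware update, the following added example (not part of the original advisory or of any NETGEAR code) audits the Set-Cookie headers of a saved HTTP response. It goes beyond the advisory by also reporting missing Secure and SameSite attributes; the sample response and its cookie names are constructed.

```python
# Added example: audit Set-Cookie headers for missing hardening attributes.
# SAMPLE_RESPONSE is constructed for illustration, not captured from a device.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session_id=3f9a1c; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; HttpOnly; SameSite=Strict\r\n"
    "set-cookie: csrf=77aa; Path=/; Secure; httponly\r\n"
    "\r\n"
    "<html></html>"
)

# HttpOnly is the attribute named in the advisory; Secure and SameSite are
# extra checks added here as a generalization.
REQUIRED_FLAGS = ("httponly", "secure", "samesite")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_cookies(raw_response):
    """Return {cookie name: [missing attributes]} for every Set-Cookie header."""
    head = raw_response.split("\r\n\r\n", 1)[0]   # header block only, body ignored
    findings = {}
    for line in head.split("\r\n")[1:]:           # skip the status line
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie" or not value.strip():
            continue
        name, attrs = parse_set_cookie(value)
        findings[name] = [f for f in REQUIRED_FLAGS if f not in attrs]
    return findings


def script_readable(findings):
    """Cookies that page scripts can read because HttpOnly is absent."""
    return sorted(n for n, missing in findings.items() if "httponly" in missing)


if __name__ == "__main__":
    result = audit_cookies(SAMPLE_RESPONSE)
    for cookie, missing in result.items():
        print(cookie, "missing:", ", ".join(missing) or "none")
    print("readable by scripts:", script_readable(result))
```

A Secure finding is only meaningful when the administrative interface is served over HTTPS, since browsers do not send Secure cookies over plain HTTP.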