Multiple critical vulnerabilities reported in Netgear routers
Take action: If you are using the Netgear WNR614 JNR1010V2 N300, it is time to replace it. There are some mitigation options, but they are not a good long-term solution. Just replace it.
Security researchers have identified multiple critical vulnerabilities in the Netgear WNR614 JNR1010V2 N300 router (firmware V1.1.0.54_1.0.1), due to the router's improper authentication protocols and weak password management.
The vulnerabilities could allow attackers to bypass authentication, access the router's administrative interface, and manipulate network settings. Given that this router model reached its End-of-Service in 2021, it is highly unlikely that any security patches will be released to address these issues.
Vulnerability details:
- CVE-2024-36788 (CVSS score 9.1) - Authentication Bypass - This vulnerability allows attackers to bypass authentication mechanisms and gain unauthorized access to the router’s administrative interface. Users should configure the router to use HTTPS or rely on browser features enforcing secure connections.
- CVE-2024-36789 (CVSS score 9.1) - Password Policy Bypass - This vulnerability allows attackers to bypass security measures and configure weak passwords, such as single-digit PINs. Implement manual password policies and regularly update passwords.
- CVE-2024-36790 (CVSS score 9.8) - Plaintext Storage of WiFi Credentials - WiFi credentials are stored in plaintext within the firmware, exposing the router to unauthorized access and manipulation.
- CVE-2024-36792 (CVSS score 9.8) - WPS PIN Exposure - Improper implementation of Wi-Fi Protected Setup (WPS) exposes the WPS PIN, allowing attackers to gain unauthorized access to network settings. Disable WPS, and regularly check that it stays disabled when not in use.
- CVE-2024-36795 (CVSS score 9.1) - Sensitive URLs and Directories Exposure - Attackers can access and potentially exploit sensitive URLs and directories within the firmware, gaining unauthorized control over the router’s settings.
Given the critical nature of these vulnerabilities and the lack of ongoing support for the device, users of the Netgear WNR614 JNR1010V2 N300 router are strongly advised to replace it with a newer, supported model. Until a replacement is obtained, configure the router to use HTTPS, enforce strong passwords, and disable WPS.