Redfox Security
5 min readJun 18, 2024

Security Advisory: Multiple Vulnerabilities in Netgear WNR614 Router

Overview:

Our security analysis has uncovered multiple vulnerabilities in the Netgear WNR614 router. The identified vulnerabilities present risks of security protocol circumvention and unauthorized retrieval of sensitive data by local entities. Furthermore, it is important to note that the WNR614 N300 model has reached its End of Service (EOS) in 2021.

Figure: Netgear WNR614 Router

Affected Version

The router variant impacted is the Netgear WNR614 JNR1010V2 N300, with the firmware iteration V1.1.0.54_1.0.1.

1. Improper Authentication / Broken Access Control (CVE-2024–36787)

Description:

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.

Impact:

Poor authentication protocols allowing insecure passwords pose a severe threat to network security, necessitating immediate and decisive action to stop unauthorized access and protect network operations and sensitive data.

Mitigation:

✅ Immediately disable remote management to minimize the risk of unauthorized access.

✅ Use strong, complex passwords and change them regularly.

✅ Establish network segmentation to separate your router from vital systems.

POC:

The Netgear WNR614 router’s weak authentication, allowing Base64 credential cracking, poses a serious security risk.

Figure: Improper Authentication
Figure: Broken Access Control

2. Cookie Without HTTPOnly / Secure Flag Set (CVE-2024–36788)

Description:

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.

Impact:

The Netgear WNR614 router’s improper “HTTPOnly” cookie flag setting exposes critical data to potential interception, posing a substantial risk of unauthorized network access and compromise.

Mitigation:

✅ Manually configure the router to use HTTPS for all communications.

✅ Use browser security features and extensions that enforce HTTPS connections.

POC:

Due to not setting the “HTTPOnly” flag, this vulnerability risks sensitive data exposure through unencrypted channels, enabling attackers to potentially hijack sessions and compromise the network.

Figure: Cookie Without HTTPOnly Flag Set
Figure: Cookie Without Secure Flag Set

3. Password Policy Bypass (CVE-2024–36789)

Description:

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.

Impact:

Netgear WNR614 router vulnerability allows insecure passwords, risking unauthorized access, network manipulation, and potential data exposure.

Mitigation:

✅ Implement a strong password policy and enforce it rigorously.

✅ Use third-party security software to manage and enforce password policies.

✅ Regularly audit passwords and access controls.

POC:

Users can bypass Netgear’s password policies by setting a single-digit password on the WNR614 router.

Figure: Password Policy Bypass

4. Password Storage in Plaintext / Incorrect Access Control / Cleartext Storage of Sensitive Information / Information Disclosure (CVE-2024–36790)

Description:

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.

Impact:

NETGEAR WNR614 router stores sensitive authentication credentials in cleartext, risking unauthorized access, router manipulation, and potential data exposure. Immediate action is essential for remediation.

Mitigation:

✅ Use encryption to protect stored credentials.

✅ Periodically change passwords and monitor for unauthorized access.

POC:

NETGEAR routers’ practice of storing WiFi credentials in cleartext within their firmware or database creates a vulnerability that, if exploited through unauthorized access, could lead to network manipulation and unauthorized entry.

Figure: Password Storage in Plaintext
Figure: Incorrect Access Control
Figure: Cleartext Storage of Sensitive Information
Figure: Information Disclosure

5. WPS PIN Exposure (CVE-2024–36792)

Description:

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router’s pin.

Impact:

NETGEAR WNR614 router stores sensitive authentication credentials in cleartext, risking unauthorized access, router manipulation, and potential data exposure. Immediate action is essential for remediation.

Mitigation:

✅ Disable WPS functionality to prevent this attack vector.

✅ Use WPA3 for better security if supported.

✅ Regularly monitor and disable the WPS setting.

POC:

NETGEAR router’s flawed WPS implementation creates a security loophole that could lead to unauthorized network access and setting manipulation.

Figure: WPS PIN Exposure

6. Insecure Permissions (CVE-2024–36795)

Description:

Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.

Impact:

The unencrypted storage of sensitive data, like mail server credentials, in NETGEAR router firmware, significantly heightens the risk of unauthorized network access.

Mitigation:

✅ Implement access control measures to restrict access to the router’s administrative interface.

✅ Encrypt sensitive data stored on the router.

POC:

Exploiting these vulnerabilities could allow attackers to access sensitive data and control router settings, threatening network security and necessitating urgent protective measures.

Figure: Insecure Permissions

TL; DR

Given that the Netgear WNR614 N300 router has reached its End of Service, it is recommended to replace the router with a model that is actively supported and maintained by the manufacturer. In the interim, users should apply the mitigations outlined above to secure their networks against potential exploits.