Critical Vulnerabilities In Netgear Routers Let Attackers Bypass Authentication

by Esmeralda McKenzie
Critical Vulnerabilities In Netgear Routers Let Attackers Bypass Authentication

Critical Vulnerabilities In Netgear Routers Let Attackers Bypass Authentication

Serious Vulnerabilities In Netgear Routers Let Attackers Bypass Authentication

Safety prognosis identified extra than one vulnerabilities in the Netgear WNR614 JNR1010V2 N300 router (firmware V1.1.0.54_1.0.1) that will enable attackers to circumvent authentication and get exact of entry to the router’s administrative interface.

This is as a consequence of defective authentication protocols and extinct password administration, which would possibly well well potentially enable unauthorized get exact of entry to, community manipulation, and soft files publicity.

EHA

For the reason that router mannequin (N300) reached its End-of-Carrier in 2021, it is very not going that any security patches will be released.

Capture%20(5)
Horrifying Authentication

An attacker can exploit a vulnerability in Netgear WNR614 routers (CVE-2024-36788) to steal soft files exchanged between the router and connected devices.

The vulnerability exists for the reason that router doesn’t residing the “HTTPOnly” flag for cookies, allowing attackers with get exact of entry to to steal cookies containing login credentials or other soft files thru malicious scripts.

To mitigate this ache, customers can manually configure the router to make spend of HTTPS or depend on browser aspects that enforce actual connections.

Capture%20(6)
Cookie Without HTTPOnly Flag Set

The Netgear WNR614 JNR1010V2/N300 router (firmware V1.1.0.54_1.0.1) suffers from a password protection bypass vulnerability (CVE-2024-36789), which permits attackers to circumvent security measures and configure extinct passwords, such as single-digit PINs.

The weak point exposes the router to unauthorized get exact of entry to attempts, potentially compromising community integrity and allowing attackers to manipulate community settings or steal soft files.

Capture%20(7)
Password Coverage Bypass

A security vulnerability (CVE-2024-36790) modified into cloak in Netgear WNR614 JNR1010V2/N300 routers where WiFi credentials are kept in plaintext within the firmware, which exposes the router to unauthorized get exact of entry to and skill manipulation, which would possibly well well lead to files breaches.

Primarily primarily primarily based on Red Fox Safety, Netgear suggests encrypting kept credentials and enforcing extra stringent password policies to decrease the ache of this occurrence.

Capture%20(8)
Files Disclosure

A vulnerability in Netgear WNR614 JNR1010V2/N300 routers (CVE-2024-36792) exposes the Wi-Fi Protected Setup (WPS) PIN as a consequence of defective implementation.

Attackers would possibly well also merely spend this PIN to like unauthorized get exact of entry to to the router’s community settings and potentially manipulate them.

To mitigate this ache, it is counseled that WPS be disabled and that WPA3 encryption (if supported) be faded. Ceaselessly monitoring and disabling WPS when not in spend is additionally suggested.

Capture%20(9)
Apprehensive Permissions

Resulting from a vulnerability identified as CVE-2024-36795, attackers can get exact of entry to and potentially exploit soft URLs and directories contained within the firmware of Netgear WNR614 JNR1010V2/N300 routers.

Thru this unsecured get exact of entry to, they would possibly well also merely like unauthorized administration over the router’s settings, which would possibly well well additionally bring soft files, such as credentials for mail servers, to light.

Implementing get exact of entry to controls, encrypting soft files, and patching the vulnerability are vital to mitigating this ache.

Source credit : cybersecuritynews.com

Related Posts