Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router - Cyber and Fraud Centre

*If you have this router, it’s probably time to replace it. (Image: Netgear)*

Security researchers have uncovered several severe vulnerabilities in the Netgear WNR614 JNR1010V2 N300 router that could allow unauthorised access and exposure of sensitive data. The affected firmware version is V1.1.0.54_1.0.1.

The most significant vulnerability (CVE-2024-36787) involves improper authentication, enabling attackers to bypass security protocols and gain administrative access to the router’s interface. Other critical issues include lack of the HTTPOnly flag on cookies (CVE-2024-36788), which risks session hijacking, ability to set insecure passwords (CVE-2024-36789), storage of passwords in plaintext (CVE-2024-36790), and exposure of the router’s WPS PIN due to flawed implementation (CVE-2024-36792). There is also a flaw allowing access to firmware directories due to insecure permissions (CVE-2024-36795).

Impact and Risks

These vulnerabilities pose severe risks to home and small business networks using the affected Netgear router. Attackers could gain complete control over the router, monitor traffic, access sensitive data like credentials, and leverage the compromised router for further attacks on the network.

End of Support

Compounding the risks, the WNR614 router reached its End of Service life in 2021, meaning Netgear no longer provides firmware updates or security patches for this model. Users have no way to remediate these vulnerabilities through official firmware updates.

Mitigation

Security researchers advise immediately replacing the WNR614 router with a newer model actively supported by the manufacturer and receiving regular firmware updates. In the interim, mitigation steps include:

Disabling remote router management
Using strong admin passwords
Configuring the router to use HTTPS encryption.
Disabling WPS functionality
Implementing network segmentation
Using browser security extensions to enforce HTTPS.

While applying these mitigations reduces risk, they do not fully resolve the underlying vulnerabilities in an End of Service product.

Recommendations

Home users and small businesses still using the Netgear WNR614 router should urgently replace it with a newer, supported model and secure the network according to current best practices. Allowing an obsolete, vulnerable router to remain the network’s first line of defence is extremely risky in today’s threat landscape.

Organisations should have an effective router/gateway replacement strategy to ensure networking equipment is supported, receiving security updates, and not introducing preventable vulnerabilities. Cyber security protocols must also cover secure router configuration, password policies, encryption in transit, and network segmentation.

By acting promptly on these vulnerabilities and adopting robust device lifecycle and network security practices, individuals and organisations can mitigate the risks stemming from outdated networking equipment.

Further information on the vulnerabilities at: