Security researchers have uncovered several severe vulnerabilities in the Netgear WNR614 JNR1010V2 N300 router that could allow unauthorised access and exposure of sensitive data. The affected firmware version is V1.1.0.54_1.0.1.
The most significant vulnerability (CVE-2024-36787) involves improper authentication, enabling attackers to bypass security protocols and gain administrative access to the router’s interface. Other critical issues include lack of the HTTPOnly flag on cookies (CVE-2024-36788), which risks session hijacking, ability to set insecure passwords (CVE-2024-36789), storage of passwords in plaintext (CVE-2024-36790), and exposure of the router’s WPS PIN due to flawed implementation (CVE-2024-36792). There is also a flaw allowing access to firmware directories due to insecure permissions (CVE-2024-36795).
These vulnerabilities pose severe risks to home and small business networks using the affected Netgear router. Attackers could gain complete control over the router, monitor traffic, access sensitive data like credentials, and leverage the compromised router for further attacks on the network.
Compounding the risks, the WNR614 router reached its End of Service life in 2021, meaning Netgear no longer provides firmware updates or security patches for this model. Users have no way to remediate these vulnerabilities through official firmware updates.
Security researchers advise immediately replacing the WNR614 router with a newer model actively supported by the manufacturer and receiving regular firmware updates. In the interim, mitigation steps include:
While applying these mitigations reduces risk, they do not fully resolve the underlying vulnerabilities in an End of Service product.
Home users and small businesses still using the Netgear WNR614 router should urgently replace it with a newer, supported model and secure the network according to current best practices. Allowing an obsolete, vulnerable router to remain the network’s first line of defence is extremely risky in today’s threat landscape.
Organisations should have an effective router/gateway replacement strategy to ensure networking equipment is supported, receiving security updates, and not introducing preventable vulnerabilities. Cyber security protocols must also cover secure router configuration, password policies, encryption in transit, and network segmentation.
By acting promptly on these vulnerabilities and adopting robust device lifecycle and network security practices, individuals and organisations can mitigate the risks stemming from outdated networking equipment.
Further information on the vulnerabilities at:
Starting in mid-July 2025, Microsoft will begin automatically blocking legacy authentication protocols in Microsoft 365, with full enforcement expected by August 2025. This update addresses…
A critical security vulnerability discovered in Microsoft 365 Copilot highlights that there is a risk associated with AI-powered business tools that we must continue to…
Microsoft has released its June 2025, Patch Tuesday security updates addressing 66 vulnerabilities across its software ecosystem. This month’s release includes one actively exploited zero-day…
