Our latest security assessment has identified several critical vulnerabilities in the Netgear WNR614 router, a device widely recognized for its reliable performance, stable connectivity, and user-friendly interface. These vulnerabilities create opportunities for attackers to bypass security controls and gain unauthorized access to sensitive data.
It is important to note that the Netgear WNR614 N300 model reached End of Service (EOS) in 2021, meaning it no longer receives official support or updates from the manufacturer.
The router variant impacted is the Netgear WNR614 JNR1010V2 N300, with the firmware iteration V1.1.0.54_1.0.1.
1. Improper Authentication / Broken Access Control (CVE-2024-36787)
Description: An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.
Impact: Poor authentication protocols allowing insecure passwords pose a severe threat to network security, necessitating immediate and decisive action to stop unauthorized access and protect network operations and sensitive data.
Mitigation: Upgrade firmware to the latest version.
POC: The Netgear WNR614 router’s weak authentication, allowing Base64 credential cracking, poses a serious security risk.
2. Cookie Without HTTPOnly / Secure Flag Set (CVE-2024-36788)
Description: Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.
Impact: The Netgear WNR614 router’s improper “HTTPOnly” cookie flag setting exposes critical data to potential interception, posing a substantial risk of unauthorized network access and compromise.
Mitigation: Upgrade firmware to latest version.
POC: Due to not setting the “HTTPOnly” flag, this vulnerability risks sensitive data exposure through unencrypted channels, enabling attackers to potentially hijack sessions and compromise the network.
3. Password Policy Bypass (CVE-2024-36789)
Description: An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards
Impact: Netgear WNR614 router vulnerability allows insecure passwords, risking unauthorized access, network manipulation, and potential data exposure.
Mitigation: Upgrade firmware to the latest version.
POC: Users can bypass Netgear’s password policies by setting a single-digit password on the WNR614 router.
4. Password Storage in Plaintext / Incorrect Access Control / Cleartext Storage of Sensitive Information / Information Disclosure (CVE-2024-36790)
Description: Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.
Impact: NETGEAR WNR614 router stores sensitive authentication credentials in cleartext, risking unauthorized access, router manipulation, and potential data exposure. Immediate action is essential for remediation.
Mitigation: Upgrade firmware to the latest version.
POC: NETGEAR routers’ practice of storing WiFi credentials in cleartext within their firmware or database creates a vulnerability that, if exploited through unauthorized access, could lead to network manipulation and unauthorized entry.
5. WPS PIN Exposure (CVE-2024-36792)
Description: An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access the router’s PIN.
Impact: NETGEAR WNR614 router stores sensitive authentication credentials in cleartext, risking unauthorized access, router manipulation, and potential data exposure. Immediate action is essential for remediation.
Mitigation: Upgrade firmware to the latest version.
POC: NETGEAR routers flawed WPS implementation creates a security loophole that could lead to unauthorized network access and setting manipulation.
6. Insecure Permissions (CVE-2024-36795)
Description: Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.
Impact: The unencrypted storage of sensitive data, like mail server credentials, in NETGEAR router firmware, significantly heightens the risk of unauthorized network access.
Mitigation: Upgrade firmware to latest version.
POC: Exploiting these vulnerabilities could allow attackers to access sensitive data and control router settings, threatening network security and necessitating urgent protective measures.
Since the Netgear WNR614 N300 router is no longer supported, the most effective long-term mitigation is to replace the device with a supported model. In the meantime, users should apply firmware updates where available and follow the recommended mitigations to reduce exposure to potential attacks.
At Redfox Security, we are a global team of experienced security consultants dedicated to strengthening organizations’ defenses. We specialize in uncovering vulnerabilities, providing remediation strategies, and helping businesses improve their security posture.
If you’re concerned about your network’s security, reach out to us today to discuss your testing needs.
Join our growth journey by enrolling in our comprehensive security training courses and gain the expertise to protect your systems effectively.
Redfox Cyber Security Inc.
8 The Green, Ste. A, Dover,
Delaware 19901,
United States.
info@redfoxsec.com
©️2025 Redfox Cyber Security Inc. All rights reserved.
