Endpoint Security , Internet of Things Security
Half a Dozen Flaws in Netgear Router Put User Data at Risk
Vulnerabilities Could Lead to Unauthorized Data Access and ManipulationHalf a dozen vulnerabilities in a moderately priced Netgear router could allow attackers to bypass authentication, putting home users and small businesses at risk.
See Also: Frost Radar™ on Healthcare IoT Security in the United States
Researchers at Redfox Security uncovered vulnerabilities in Netgear WNR614 JNR1010V2 N300, a router sold by the Silicon Valley networking manufacturer between 2018 through 2021.
The flaws could cause unauthorized access, network manipulation and exposure of sensitive data. The first vulnerability, tracked as CVE-2024-36787, involves improper authentication and broken access control.
Attackers can exploit this flaw to gain unauthorized access to the router's administrative interface, bypassing existing security protocols. The researchers recommended that users disable remote management, use strong passwords and establish network segmentation to mitigate this risk.
Another critical issue, CVE-2024-36788, is the absence of the HTTPOnly flag on cookies, making sensitive communications vulnerable to interception. This flaw could enable attackers to hijack sessions and access critical data. The researchers said users should configure the router to use HTTPS for all communications and employ browser security features that enforce secure connections.
A particularly alarming vulnerability, CVE-2024-36790, involves storing passwords in plaintext. This practice exposes sensitive authentication credentials, increasing the risk of unauthorized access and network manipulation.
Another flaw, CVE-2024-36789, involves a password policy bypass in which attackers can create passwords that do not meet security standards. This weakness allows for setting easily guessable passwords, undermining the router's security.
The researchers also discovered that the router's WPS implementation, detailed in CVE-2024-36792, is flawed, allowing attackers to gain access to the router's PIN. Users should disable WPS functionality and use WPA3 for better security, if supported, and regularly monitor and disable the WPS setting.
A final flaw, CVE-2024-36795, points to insecure permissions, enabling attackers to access URLs and directories within the firmware. This vulnerability can lead to unauthorized access and manipulation of router settings.
Redfox Security recommended replacing the router with a model that is actively supported and maintained by the manufacturer. In the meantime, users should apply the advised mitigations to secure their networks against potential exploits.