Old Netgear WNR614 N300 routers that reached end of life three years ago are impacted by six security vulnerabilities that could be leveraged to facilitate significant compromise, SecurityWeek reports.
Attackers could exploit the first flaw, tracked as CVE-2024-36787, to evade authentication mechanisms and expose Base64 credentials, while abuse of the second vulnerability, tracked as CVE-2024-36788, could enable the interception of sensitive communications, according to Redfox Security, which recommended the utilization of HTTPS in routers and browsers to avert risks.
Other bugs enable weak password creation and plain text storage of Wi-Fi credentials, tracked as CVE-2024-36789 and CVE-2024-36790, respectively. Moreover, exploitation of the CVE-2024-36792 and CVE-2024-36795 vulnerabilities could allow device PIN exposures and unauthorized firmware URL and directory access, respectively.
Such security issues have prompted researchers to urge the deactivation of vulnerable components and the implementation of robust password policies, password rotation, access control procedures, sensitive data encryption, and immediate router replacements.
