Netgear Router Vulnerability Allows Attackers to Intercept Sensitive Communications
CVE-2024-36788

4.8MEDIUM

Key Information:

Vendor: Netgear
Status: Wnr614 Firmware
Vendor: CVE Published:; 7 June 2024

What is CVE-2024-36788?

A security issue has been identified in the Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1, where the HTTPOnly flag for cookies is not properly set. This misconfiguration permits potential interception of sensitive information shared between the router and connected devices, posing a significant risk to user privacy and data integrity. Network administrators are advised to implement immediate measures to mitigate potential attacks targeting this vulnerability.

References

https://redfoxsec.com/blog/security-advisory-multiple-vul...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2024