Attackers Can Gain Access to Router's PIN via Implementation Flaw
CVE-2024-36792

8.2HIGH

Key Information:

Vendor: Netgear
Status: Wnr614 Firmware
Vendor: CVE Published:; 7 June 2024

What is CVE-2024-36792?

A security vulnerability exists within the WPS (Wi-Fi Protected Setup) implementation of certain Netgear routers, including the WNR614 JNR1010V2 and N300-V1.1.0.54_1.0.1 versions. This flaw allows unauthorized attackers to exploit the router's WPS feature, gaining access to sensitive router PINs. As a result, malicious entities can potentially compromise the entire network, posing significant risks to users' data and privacy. It's crucial for users of affected Netgear products to assess their device security and consider implementing recommended security practices.

References

https://redfoxsec.com/blog/security-advisory-multiple-vul...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2024