Your cheap Netgear router might have some serious security flaws — here's what we know so far


A popular budget-friendly Netgear small business router is vulnerable to half a dozen flaws that could lead to the theft of sensitive information, and possibly even full device takeover, experts have warned.

Since the device has reached its end-of-life, Netgear is not expected to release any patches for the flaws, so it might be wise to just replace the router with something newer.

Being budget-friendly, reliable, and easy to use, Netgear’s WNR614 N300 is a popular choice not just in the household, but in small and medium-sized businesses (SMB) as well.

Router risk

Cybersecurity researchers at RedFox Security discovered the following flaws in the WNR614 N300 device:

  • CVE-2024-36787: authentication bypass vulnerability that allows threat actors to access the admin interface. From there, they can tweak router settings and possibly even steal sensitive data.
  • CVE-2024-36788: the HTTPOnly flag for cookies is set improperly, allowing threat actors to intercept sensitive communication between devices.
  • CVE-2024-36789: allows threat actors to create new passwords for the admin account.
  • CVE-2024-36790: this flaw makes the router store login credentials in plaintext format.
  • CVE-2024-36792: poor implementation of WPS grants attackers access to the router’s PIN.
  • CVE-2024-36795: insecure permissions vulnerability allowing threat actors easy access to URLs and directories embedded within the router's firmware.

Mitigations

That being said, chances are many SMBs will keep the device despite the vulnerabilities. In that case, the company suggests applying the following mitigations:

  • Turn off remote management features
  • Create strong passwords
  • Separate the router from critical systems
  • Make sure the router uses HTTPS and use browser settings to enforce HTTPS
  • Turn off WPS
  • Switch to WPA3
  • Restrict access to the router's admin interface.
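
One way to check the cookie-flag and HTTPS points above on an admin interface you own is to audit the Set-Cookie headers in a saved response. This is an added example, not code from RedFox Security or Netgear; the sample responses and the cookie name session_id are constructed for illustration and are not captured from a WNR614.

```python
# Added example: audit Set-Cookie attributes in a saved HTTP response.
# Both sample responses are constructed data, not output from a real router.

SAMPLE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session_id=constructed-value; Path=/\r\n"
    "\r\n<html></html>"
)
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: session_id=constructed-value; Path=/; HttpOnly; Secure; SameSite=Strict\r\n"
    "\r\n"
)


def parse_set_cookies(raw_response):
    """Return one dict per Set-Cookie header: cookie name plus lower-cased attribute names."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    cookies = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";") if p.strip()]
        if not parts:
            continue
        cookie_name = parts[0].partition("=")[0].strip()
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        cookies.append({"name": cookie_name, "attrs": attrs})
    return cookies


def audit_cookies(raw_response, over_https):
    """Return (cookie, finding) pairs for missing flags or plain-HTTP delivery."""
    findings = []
    for c in parse_set_cookies(raw_response):
        if "httponly" not in c["attrs"]:
            findings.append((c["name"], "missing HttpOnly: readable by page scripts"))
        if "secure" not in c["attrs"]:
            findings.append((c["name"], "missing Secure: may be sent over plain HTTP"))
        if not over_https:
            findings.append((c["name"], "issued over HTTP: visible on the network"))
    return findings


if __name__ == "__main__":
    for label, raw, https in (("weak", SAMPLE_WEAK, False), ("hardened", SAMPLE_HARDENED, True)):
        print(label, audit_cookies(raw, https) or "no findings")
```
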

Being the gateway for the internet, a router is one of the most widespread pieces of technology today. As a result, it is a popular target among cybercriminals looking not just for sensitive data, but also for extra hardware to use in potent DDoS attacks. Securing the router should be mandatory for all households and businesses.

Via BleepingComputer
