CVE-2024-36787 – This vulnerability allows attackers to bypass a... (How to Fix)

📋 TL;DR

This vulnerability allows attackers to bypass authentication on Netgear WNR614 JNR1010V2 N300 routers and access the administrative interface. Attackers can gain unauthorized control of affected routers. Users with these specific router models running vulnerable firmware are affected.

💻 Affected Systems

Products:

Netgear WNR614 JNR1010V2 N300

Versions: V1.1.0.54_1.0.1

Operating Systems: Router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

Wnr614 Firmware by Netgear

View all CVEs affecting Wnr614 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attackers to change DNS settings, intercept traffic, install malware, or use the router as part of a botnet.

🟠

Likely Case

Unauthorized access to router configuration, network reconnaissance, and potential credential theft from connected devices.

🟢

If Mitigated

Limited impact if router is behind additional firewalls, has strong network segmentation, and administrative interface is not internet-facing.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Authentication bypass vulnerabilities typically have low exploitation complexity once the vector is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Netgear support site for firmware updates
2. If update available, download and install following vendor instructions
3. Reboot router after update
4. Verify firmware version is updated

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to administrative interface

Change default credentials

all

Use strong, unique passwords for router administration

🧯 If You Can't Patch

Isolate router on separate network segment
Implement network monitoring for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in administrative interface. If version is V1.1.0.54_1.0.1, router is vulnerable.

Check Version:

Login to router admin interface and check firmware version in status/settings

Verify Fix Applied:

Verify firmware version has changed from V1.1.0.54_1.0.1 after update.

📡 Detection & Monitoring

Log Indicators:

Unauthorized login attempts to router admin interface
Configuration changes from unknown IP addresses

Network Indicators:

Unexpected traffic to router administrative ports (typically 80, 443, 8080)
DNS changes from router

SIEM Query:

source="router_logs" AND (event="login_failed" OR event="config_change") AND NOT src_ip IN [authorized_ips]

📊 Metadata

CVE ID: CVE-2024-36787

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-1390

Published: June 7, 2024

Last Updated: May 29, 2025

🔗 References

https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/ Exploit,Third Party Advisory
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-36787, you might also want to check these: