Summary
| Detail | |||
|---|---|---|---|
| Vendor | Netgear | First view | 2017-01-29 |
| Product | wnr614 Firmware | Last view | 2025-06-03 |
| Version | Type | Os | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2025-06-03 | CVE-2025-5495 | A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024. |
| 0 | 2024-06-07 | CVE-2024-36792 | An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. |
| 0 | 2024-06-07 | CVE-2024-36790 | Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. |
| 0 | 2024-06-07 | CVE-2024-36789 | An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. |
| 4.8 | 2024-06-07 | CVE-2024-36788 | Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. |
| 0 | 2024-06-07 | CVE-2024-36787 | An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. |
| 0 | 2024-06-06 | CVE-2024-36795 | Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. |
| 7.5 | 2020-04-28 | CVE-2016-11057 | Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06. |
| 8.8 | 2020-04-21 | CVE-2017-18791 | Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50. |
| 8.8 | 2020-04-16 | CVE-2019-20690 | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.30, D7000 before 1.0.1.66, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.68, WNR2020 before 1.1.0.54, and WNR614 before 1.1.0.54. |
| 9.8 | 2017-01-29 | CVE-2016-10174 | The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 33% (1) | CWE-287 | Improper Authentication |
| 33% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-05-23 | Netgear WNR2000 hidden_lang_avi stack buffer overflow attempt RuleID : 41096-community - Type : SERVER-WEBAPP - Revision : 4 |
| 2017-01-25 | Netgear WNR2000 hidden_lang_avi stack buffer overflow attempt RuleID : 41096 - Type : SERVER-WEBAPP - Revision : 4 |
