CVE-2024-36790
Description
Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Netgear WNR614 router stores administrative credentials in plaintext, allowing local network attackers to easily obtain them and compromise the device.
Vulnerability
The Netgear WNR614 router running firmware version JNR1010V2/N300-V1.1.0.54_1.0.1 stores administrative credentials in plaintext within the device's web management interface. This vulnerability is part of a cluster of unpatched security issues affecting the device, which is approaching end-of-life status [1]. No authentication is required to access the stored credentials if an attacker can reach the management interface.
Exploitation
An attacker on the same local network can access the router's management interface and retrieve the plaintext administrative credentials without any prior authentication. The credentials are stored in a readable format and can be extracted directly from the interface or through network traffic analysis [1]. The attack does not require user interaction or any special privileges beyond network access.
Impact
Successful exploitation grants the attacker full administrative control over the router. This enables them to modify network settings, intercept traffic, perform man-in-the-middle attacks, and potentially compromise all devices connected to the network. The plaintext storage of credentials also increases the risk of credential reuse attacks against other services [1].
Mitigation
Netgear has not released a patch for this vulnerability, and the device is considered end-of-life with no further firmware updates expected [1]. The only effective mitigation is to replace the router with a supported model that receives security updates. As a workaround, users should disable remote management and ensure the management interface is not exposed to the internet. Additionally, changing the default credentials and monitoring for unauthorized access can reduce risk, but these steps do not eliminate the underlying vulnerability.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
Root cause
"The router stores administrative usernames and passwords in plaintext within its configuration file, with no encryption or hashing applied."
Attack vector
An attacker on the same local network can access the router's web management interface (typically at 192.168.1.1) and retrieve the configuration file via `curl http://192.168.1.1/currentsetting.htm`, which returns the administrative username and password in plaintext [ref_id=1]. Because the router also suffers from authentication bypass (CWE-287), an unauthenticated attacker can perform this extraction without any login [ref_id=1]. The extracted credentials can then be reused across the network if the administrator reuses passwords, elevating the compromise from router takeover to full network credential theft [ref_id=1].
Affected code
The advisory identifies the Netgear WNR614 router's web management interface and configuration file as the affected components. The device stores administrative credentials in plaintext within its configuration file, retrievable via the `/currentsetting.htm` endpoint [ref_id=1].
What the fix does
The advisory states that Netgear has not released a patch for this vulnerability, and the device is approaching or has reached end-of-life support status [ref_id=1]. The only complete remediation recommended is replacing the WNR614 with a supported router model that receives active security updates [ref_id=1]. No fix is published.
Preconditions
- network: Attacker must be on the same local network as the router, or the router's management interface must be exposed to the internet
- auth: No authentication required due to the authentication bypass vulnerability
Reproduction
Run the following command from a machine on the same local network as the router: `curl -s http://192.168.1.1/currentsetting.htm | grep -i "password"`. If the router responds with configuration data containing the password in plaintext (e.g., `password=admin123`), the vulnerability is confirmed [ref_id=1].
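A variant of the check above for auditing a device you administer, added here as an example (not from the advisory or from Netgear): it inspects a saved response body and reports credential fields with their values redacted, so the password does not end up in terminal scrollback or a ticket. It assumes the body is `key=value` text as in the `password=admin123` illustration; the function name `check_plaintext_creds` and the sample data are constructed.

```shell
#!/bin/sh
# Added example: flag plaintext credential fields in a saved response body
# without echoing the secret values.
# Assumption: the body is key=value pairs separated by LF or CRLF.

# check_plaintext_creds: reads a response body on stdin.
# Prints "key=<redacted, N chars>" for each credential-like key that has a
# non-empty value. Returns 0 if at least one was found, 1 otherwise.
check_plaintext_creds() {
    tr '\r' '\n' | awk -F= '
        # Key names that look like a password field (case-insensitive).
        tolower($1) ~ /pass|pwd/ {
            key = $1
            # Take everything after the first "=" so that values which
            # themselves contain "=" are measured in full.
            val = substr($0, length(key) + 2)
            if (length(val) > 0) {
                printf "%s=<redacted, %d chars>\n", key, length(val)
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample bodies (not captured from a real device).
SAMPLE_AFFECTED='Model=WNR614
username=admin
password=admin123
'
SAMPLE_CLEAN='Model=EXAMPLE
username=admin
'

# Demo on the constructed sample; for a real audit, save the response to a
# file first and run: check_plaintext_creds < saved_response.txt
if printf '%s' "$SAMPLE_AFFECTED" | check_plaintext_creds; then
    echo "finding: credential field present in plaintext"
fi
```

A non-zero exit status means no credential-like field with a value was present in the body that was checked.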
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 1
News mentions: 0
No linked articles in our index yet.