CVE-2024-36792
Description
An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The WPS implementation on Netgear WNR614 (N300) firmware v1.1.0.54_1.0.1 leaks the router's PIN, enabling attackers on the same LAN to bypass authentication and take over the device.
Vulnerability
An issue in the WPS implementation of Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows an attacker to obtain the router's WPS PIN, which can then be used to gain unauthorized access to the device's administrative interface. The vulnerability exists in the design of the WPS process, where the PIN is not properly protected. The affected firmware version is N300-V1.1.0.54_1.0.1. The device is end-of-life and no patch has been released by Netgear [1].
Exploitation
An attacker must be on the same local network as the router and have the ability to send wireless probe requests or initiate a WPS session. By exploiting the weak WPS implementation, the attacker can retrieve the router's PIN within a short time frame, typically using brute-force or PIN recovery techniques. No authentication is required prior to this step. Once the PIN is obtained, the attacker can connect to the router's management interface without further credentials [1].
Impact
Successful exploitation allows the attacker to gain full administrative access to the router. This can lead to complete compromise of the network, including the ability to monitor traffic, modify DNS settings, install malicious firmware, or use the device as a pivot point for further attacks against other devices on the network [1].
Mitigation
Netgear has not released a firmware patch for this vulnerability, and the router is end-of-life. Affected users are strongly advised to replace the device with a supported model. As a temporary workaround, disabling WPS in the router's settings can reduce the attack surface, but this does not eliminate other known vulnerabilities in the same device. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing authentication enforcement on the web management interface allows unauthenticated access to administrative pages and configuration files."
Attack vector
An attacker on the same local network can send a direct HTTP request to the router's management interface (e.g., `curl http://192.168.1.1/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=id`) to bypass authentication entirely [ref_id=1]. Once unauthenticated access is confirmed, the attacker can read the configuration file at `/currentsetting.htm` to extract plaintext administrative credentials [ref_id=1]. With those credentials, the attacker can modify DNS settings, inject malicious firmware, or enable remote management, completing the compromise in under five minutes [ref_id=1]. The advisory notes that if the management interface is exposed to the internet, the attack may also be possible from outside the local network [ref_id=1].
Affected code
The advisory identifies the web management interface of the Netgear WNR614 router (firmware version V1.0.0.34 and earlier) as the affected component. Specific endpoints such as `/setup.cgi`, `/currentsetting.htm`, and the session-handling logic are cited as vulnerable [ref_id=1]. No patch files are available for analysis.
What the fix does
No patch has been released by Netgear for the WNR614, which is approaching or has reached end-of-life status [ref_id=1]. The advisory's sole complete remediation is to replace the device with a supported router model that receives active security updates [ref_id=1]. As interim mitigations, the advisory recommends disabling remote management, isolating the management interface to a dedicated VLAN, changing default credentials to a long random password, and monitoring for unusual DNS changes or unexpected reboots [ref_id=1].
Preconditions
- networkAttacker must be on the same local network as the router, or the router's management interface must be exposed to the internet
- authNo authentication required; the bypass works without any valid credentials
- configRouter must be running firmware version V1.0.0.34 or earlier
Reproduction
The advisory provides a direct reproduction command: `curl -v http://192.168.1.1/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=id&curpath=/¤tsetting.htm=1` [ref_id=1]. If the router responds with system-level output such as `uid=0(root)`, the authentication bypass is confirmed [ref_id=1]. To extract plaintext credentials, run `curl -s http://192.168.1.1/currentsetting.htm | grep -i "password"` [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1News mentions
0No linked articles in our index yet.