CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:wnr614_firmware:1.1.0.54_1.0.1:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:22

Type Values Removed Values Added
References () https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/ - Exploit, Third Party Advisory () https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/ - Exploit, Third Party Advisory

07 Nov 2024, 22:35

Type Values Removed Values Added
CWE CWE-922

05 Nov 2024, 14:38

Type Values Removed Values Added
Summary
  • (es) Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 no configura correctamente el indicador HTTPOnly para las cookies. Esto permite a los atacantes posiblemente interceptar y acceder a comunicaciones confidenciales entre el enrutador y los dispositivos conectados.
References () https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/ - () https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/ - Exploit, Third Party Advisory
First Time Netgear wnr614 Firmware
Netgear
Netgear wnr614
CWE NVD-CWE-Other
CPE cpe:2.3:o:netgear:wnr614_firmware:1.1.0.54_1.0.1:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr614:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

07 Jun 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-07 15:15

Updated : 2024-11-21 09:22


NVD link : CVE-2024-36788

Mitre link : CVE-2024-36788

CVE.ORG link : CVE-2024-36788


JSON object : View

Products Affected

netgear

  • wnr614_firmware
  • wnr614
CWE
NVD-CWE-Other CWE-922

Insecure Storage of Sensitive Information