Details of VAR-202406-2007

ID

VAR-202406-2007

CVE

CVE-2024-36792

TITLE

of netgear WNR614 Vulnerability in firmware regarding storing critical information in plaintext in memory

Trust: 0.8

sources: JVNDB: JVNDB-2024-024397

DESCRIPTION

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. of netgear WNR614 The firmware contains a vulnerability related to storing sensitive information in plaintext in memory.Information may be obtained and information may be tampered with. NETGEAR WNR614 is an N300 wireless router with an external antenna from Netgear. The vulnerability is caused by a problem in the WPS implementation. Attackers can exploit this vulnerability to access the router's password

Trust: 2.16

sources: NVD: CVE-2024-36792 // JVNDB: JVNDB-2024-024397 // CNVD: CNVD-2025-13432

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13432

AFFECTED PRODUCTS

vendor:	netgear	model:	wnr614	scope:	eq	version:	1.1.0.54_1.0.1	Trust: 1.0
vendor:	ネットギア	model:	wnr614	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr614	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr614	scope:	eq	version:	wnr614 firmware 1.1.0.54 1.0.1	Trust: 0.8
vendor:	netgear	model:	wnr614 jnr1010v2/n300-v1.1.0.54 1.0.1	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-13432 // JVNDB: JVNDB-2024-024397 // NVD: CVE-2024-36792

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-36792
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-024397
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-13432
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-13432
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-36792
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-024397
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13432 // JVNDB: JVNDB-2024-024397 // NVD: CVE-2024-36792

PROBLEMTYPE DATA

problemtype:	CWE-316	Trust: 1.0
problemtype:	Storing sensitive information in plaintext in memory (CWE-316) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-024397 // NVD: CVE-2024-36792

EXTERNAL IDS

db:	NVD	id:	CVE-2024-36792	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-024397	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13432	Trust: 0.6

sources: CNVD: CNVD-2025-13432 // JVNDB: JVNDB-2024-024397 // NVD: CVE-2024-36792

REFERENCES

url:	https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-36792	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2024-36792	Trust: 0.6

sources: CNVD: CNVD-2025-13432 // JVNDB: JVNDB-2024-024397 // NVD: CVE-2024-36792

SOURCES

db:	CNVD	id:	CNVD-2025-13432
db:	JVNDB	id:	JVNDB-2024-024397
db:	NVD	id:	CVE-2024-36792

LAST UPDATE DATE

2025-06-26T23:30:34.427000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13432	date:	2025-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-024397	date:	2025-05-30T02:20:00
db:	NVD	id:	CVE-2024-36792	date:	2025-05-29T16:12:10.893

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13432	date:	2025-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-024397	date:	2025-05-30T00:00:00
db:	NVD	id:	CVE-2024-36792	date:	2024-06-07T15:15:50.493