Details of VAR-202406-2615

ID

VAR-202406-2615

CVE

CVE-2024-36795

TITLE

of netgear WNR614 Path traversal vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-024408

DESCRIPTION

Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. of netgear WNR614 A path traversal vulnerability exists in firmware.Information may be tampered with. NETGEAR WNR614 is an N300 wireless router with an external antenna from NETGEAR Inc. Attackers can exploit this vulnerability to cause information leakage

Trust: 2.16

sources: NVD: CVE-2024-36795 // JVNDB: JVNDB-2024-024408 // CNVD: CNVD-2025-10687

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10687

AFFECTED PRODUCTS

vendor:	netgear	model:	wnr614	scope:	eq	version:	1.1.0.54_1.0.1	Trust: 1.0
vendor:	ネットギア	model:	wnr614	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr614	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr614	scope:	eq	version:	wnr614 firmware 1.1.0.54 1.0.1	Trust: 0.8
vendor:	netgear	model:	wnr614 v1.1.0.54 1.0.1	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-10687 // JVNDB: JVNDB-2024-024408 // NVD: CVE-2024-36795

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-36795
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-024408
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-10687
value:	LOW
Trust: 0.6

CNVD:	CNVD-2025-10687
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-36795
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-024408
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10687 // JVNDB: JVNDB-2024-024408 // NVD: CVE-2024-36795

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-024408 // NVD: CVE-2024-36795

EXTERNAL IDS

db:	NVD	id:	CVE-2024-36795	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-024408	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10687	Trust: 0.6

sources: CNVD: CNVD-2025-10687 // JVNDB: JVNDB-2024-024408 // NVD: CVE-2024-36795

REFERENCES

url:	https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-36795	Trust: 1.4

sources: CNVD: CNVD-2025-10687 // JVNDB: JVNDB-2024-024408 // NVD: CVE-2024-36795

SOURCES

db:	CNVD	id:	CNVD-2025-10687
db:	JVNDB	id:	JVNDB-2024-024408
db:	NVD	id:	CVE-2024-36795

LAST UPDATE DATE

2025-06-01T23:09:27.961000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10687	date:	2025-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2024-024408	date:	2025-05-30T02:39:00
db:	NVD	id:	CVE-2024-36795	date:	2025-05-29T16:14:02.487

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10687	date:	2025-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2024-024408	date:	2025-05-30T00:00:00
db:	NVD	id:	CVE-2024-36795	date:	2024-06-06T21:15:48.687