Details of VAR-202406-2616

ID

VAR-202406-2616

CVE

CVE-2024-36788

TITLE

of netgear WNR614 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-012007

DESCRIPTION

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. of netgear WNR614 There are unspecified vulnerabilities in the firmware.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2024-36788 // JVNDB: JVNDB-2024-012007

AFFECTED PRODUCTS

vendor:	netgear	model:	wnr614	scope:	eq	version:	1.1.0.54_1.0.1	Trust: 1.0
vendor:	ネットギア	model:	wnr614	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr614	scope:	eq	version:	wnr614 firmware 1.1.0.54 1.0.1	Trust: 0.8
vendor:	ネットギア	model:	wnr614	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-012007 // NVD: CVE-2024-36788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-36788
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-36788
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-36788
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2024-36788
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	2.5
version:	3.1
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-36788
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2024-36788
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-012007 // NVD: CVE-2024-36788 // NVD: CVE-2024-36788

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-922	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-012007 // NVD: CVE-2024-36788

EXTERNAL IDS

db:	NVD	id:	CVE-2024-36788	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-012007	Trust: 0.8

sources: JVNDB: JVNDB-2024-012007 // NVD: CVE-2024-36788

REFERENCES

url:	https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-36788	Trust: 0.8

sources: JVNDB: JVNDB-2024-012007 // NVD: CVE-2024-36788

SOURCES

db:	JVNDB	id:	JVNDB-2024-012007
db:	NVD	id:	CVE-2024-36788

LAST UPDATE DATE

2024-11-08T23:27:14.429000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-012007	date:	2024-11-06T01:30:00
db:	NVD	id:	CVE-2024-36788	date:	2024-11-07T22:35:25.420

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-012007	date:	2024-11-06T00:00:00
db:	NVD	id:	CVE-2024-36788	date:	2024-06-07T15:15:50.233