CVE-2024-36788

CWE-922 | 4 documents | 4 sources
Severity: 4.8 MEDIUM
EPSS: 0.1% (top 74.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 7
Latest update: Jun 10

Description

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 | Impact: 2.5

Affected Packages (1 package)

NVD: netgear/wnr614_firmware 1.1.0.54_1.0.1

🔴 Vulnerability Details (2)

GHSA: GHSA-8f46-hh28-cq8h: Netgear WNR614 JNR1010V2 N300-V1 (2024-06-07)
CVEList: CVE-2024-36788: Netgear WNR614 JNR1010V2 N300-V1 (2024-06-07)

🕵️ Threat Intelligence (1)

Bleepingcomputer: Netgear WNR614 flaws allow device takeover, no fix available (2024-06-10)
CVE-2024-36788 (MEDIUM CVSS 4.8) | Netgear WNR614 JNR1010V2 N300-V1.1. | cvebase.io