S4E

CVE-2024-6646 Scanner

CVE-2024-6646 scanner - Information Disclosure vulnerability in Netgear WN604


Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Url
Toolbox: -

Netgear WN604 is a popular wireless access point used in small and medium-sized businesses for reliable internet connectivity. IT administrators use it to extend network coverage and improve wireless performance. The device is often employed in environments requiring robust wireless access with straightforward management capabilities. With the ability to serve multiple users and devices, the WN604 is integral in maintaining continuous and efficient network operations. Its ease of use and setup makes it a common choice for network expansion projects.

The Information Disclosure vulnerability in Netgear WN604 allows unauthorized access to sensitive information. This issue is located in the downloadFile.php interface, where improper validation permits attackers to retrieve files containing critical configuration details. Exploitation of this vulnerability can lead to unauthorized access to the router's administrative credentials. As a result, attackers could potentially control the router and compromise the security of the entire network.

The vulnerability lies in the downloadFile.php endpoint of the Netgear WN604, where a remote attacker can craft a specific request to access the "config" file. This file contains sensitive information such as administrator account and password details. The flaw is due to insufficient verification of the requested file's name or path, allowing attackers to download critical system configuration files. The endpoint responds with a 200 status code and serves the file with a content type of "application/force-download", which confirms the presence of the vulnerability.
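Detection logic for the behaviour described above, as an added example that is not part of the original page or of S4E's scanner: it flags requests to downloadFile.php that name "config" and marks those answered with a 200 status as served. The combined log format (as written by a proxy or firewall in front of the access point), the sample lines and the placeholder query parameter name `param` are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in combined log format (not real traffic).
# "param" is a placeholder query parameter name, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2024:10:01:02 +0000] "GET /downloadFile.php?param=config HTTP/1.1" 200 4312 "-" "curl/8.4.0"
203.0.113.7 - - [12/Jul/2024:10:01:09 +0000] "GET /downloadFile.php?param=%63onfig HTTP/1.1" 200 4312 "-" "curl/8.4.0"
198.51.100.4 - - [12/Jul/2024:10:05:40 +0000] "GET /DownloadFile.php?param=config HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jul/2024:10:07:11 +0000] "GET /index.php?page=config HTTP/1.1" 200 1020 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jul/2024:10:08:30 +0000] "GET /downloadFile.php?param=firmware.bin HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target and status from a combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_config_downloads(log_text):
    """Return (ip, timestamp, verdict) for downloadFile.php requests naming 'config'."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/downloadfile.php"):
            continue
        # Decode percent-encoding once so an encoded file name is still matched.
        query = unquote(url.query).lower()
        if "config" not in query:
            continue
        # A 200 means the file was served; anything else is an attempt only.
        verdict = "served" if m["status"] == "200" else "attempt"
        hits.append((m["ip"], m["ts"], verdict))
    return hits


if __name__ == "__main__":
    for ip, ts, verdict in find_config_downloads(SAMPLE_LOG):
        print(f"{verdict:8} {ip:15} {ts}")
```

A "served" hit means the configuration file, and with it the administrator credentials, should be treated as disclosed.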

If exploited, this vulnerability could result in the disclosure of sensitive configuration files, including admin credentials. Attackers can leverage this access to gain unauthorized control over the router, manipulate network settings, or disrupt the network's operations. The compromised router could serve as a foothold for further attacks on connected devices, leading to a broader compromise of the network.

By using the S4E platform, you can quickly identify and mitigate vulnerabilities like the one affecting the Netgear WN604. Our platform offers comprehensive scanning capabilities, ensuring that your network devices are secure and up to date. Become a member today to benefit from continuous monitoring, timely alerts, and expert remediation advice that keeps your digital assets protected from emerging threats.
