CVE-2024-54803

CVE-2024-54803 is a command injection vulnerability (CWE-94) in the Netgear WNR854T router version 1.5.2 for North America. The flaw occurs in the post.cgi script, where an attacker can send a specially crafted HTTP request to update the nvram parameter pppoe_peer_mac, triggering a forced reboot that results in command injection. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.

An unauthenticated attacker with network access to the router can exploit this vulnerability remotely with low complexity and no user interaction required. By crafting a malicious request to post.cgi, the attacker achieves arbitrary command injection during the reboot process, enabling potential full device compromise, execution of unauthorized commands, configuration manipulation, data exfiltration, or persistent denial of service.

Mitigation details are available in the referenced advisory at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#803, published prior to the CVE assignment on 2025-03-31. Security practitioners should consult this source for patching guidance or workarounds specific to the affected firmware.