CVE-2024-54804
Published: 31 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2024-54804 is a command injection vulnerability (CWE-94) affecting the Netgear WNR854T router running firmware version 1.5.2 for North America. The flaw exists in the post.cgi script, where an attacker can send a specially crafted HTTP request to update the nvram parameter wan_hostname. This action forces a router reboot and triggers command injection during the process. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
An unauthenticated attacker with network access to the router can exploit this vulnerability remotely with low complexity and no user interaction required. By crafting and sending the malicious request to post.cgi, the attacker injects arbitrary commands executed with elevated privileges during the reboot, potentially achieving full compromise of the device, including data theft, modification of configurations, or disruption of network services.
Further details on the vulnerability, including reproduction steps, are available in the advisory at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#804. No vendor patches or specific mitigations are detailed in the provided information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes unauthenticated remote command injection via the router's public web interface (post.cgi), directly enabling T1190 for initial access to a public-facing application and T1059.004 for arbitrary Unix shell command execution with elevated privileges.