CVE-2024-54806
Published: 31 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2024-54806 is an arbitrary command execution vulnerability in the cmd.cgi component of the Netgear WNR854T router version 1.5.2 (North America). It allows attackers to execute system commands via the web interface, stemming from improper input handling classified under CWE-94 (Code Injection). The flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact potential.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting requests to the cmd.cgi endpoint, the attacker achieves arbitrary command execution on the router's underlying system, enabling full compromise with high confidentiality, integrity, and availability impacts, such as data theft, persistent access, or device disruption.
Mitigation details are available in the referenced advisory at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#806, published in connection with multiple vulnerabilities on the WNR854T. Security practitioners should consult this source for patching guidance or workarounds specific to the affected firmware.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables remote arbitrary command execution via public-facing web interface (cmd.cgi) due to code injection, directly mapping to T1190 for initial access and T1059.004 for resulting Unix shell command execution on the router.