CVE-2024-54807
Published: 31 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2024-54807 is a command injection vulnerability (CWE-94) affecting the UPnP service in Netgear WNR854T routers running firmware version 1.5.2 for North America. The flaw occurs in the addmap_exec function, which parses the NewInternalClient parameter from the AddPortMapping SOAPAction without sanitization before incorporating it into a system call, enabling arbitrary command execution.
The vulnerability can be exploited remotely by an unauthenticated attacker over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By sending a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service, the attacker achieves arbitrary command execution on the device.
Details on mitigation, including any patches or workarounds, are available in the advisory at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#807.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote command injection in public-facing UPnP service enables arbitrary command execution on the router via unsanitized system calls, directly mapping to T1190 (exploit public-facing application) and T1059.004 (Unix shell command execution).