CVE-2024-54808
Published: 31 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2024-54808 is a stack-based buffer overflow vulnerability (CWE-121) in the Netgear WNR854T router running firmware version 1.5.2 for North America. The issue arises in the SetDefaultConnectionService function due to unconstrained use of the sscanf function, which can lead to overwriting the program counter and enabling arbitrary code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
The vulnerability is exploitable remotely over the network by unauthenticated attackers with no privileges required and no user interaction needed. Attackers can send specially crafted input to the affected function, triggering the buffer overflow and gaining control over the program's execution flow to achieve arbitrary code execution on the device. This could allow full compromise of the router, potentially enabling network pivoting, data interception, or further attacks on connected systems.
Details on the vulnerability, including the advisory, are available in the referenced analysis at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#808. No vendor patches or specific mitigations are detailed in the provided information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remote unauthenticated stack-based buffer overflow enables arbitrary code execution on the router's exposed service, directly mapping to initial access via exploitation of a public-facing application (T1190) and subsequent command execution via Unix shell (T1059.004).