CVE-2024-57725

Medium

Published: 14 February 2025

Published

14 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.1478 94.5th percentile

Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Description

An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.

Security Summary

CVE-2024-57725 is a vulnerability in the Arcadyan Livebox Fibra PRV3399B_B_LT router that allows a remote or local attacker to modify the GPON link value without authentication. This issue is exploitable through the /firstconnection.cgi endpoint and is classified under CWE-306 (Missing Authentication for Critical Function). The CVSS v3.1 base score is 6.5, reflecting medium severity with high impact on availability.

An attacker with adjacent network access (AV:A) can exploit this vulnerability with low complexity, no privileges, and no user interaction required. Successful exploitation modifies the GPON link value, resulting in a denial-of-service condition that disrupts internet service (C:N/I:N/A:H), without affecting confidentiality or integrity.

The primary reference for this vulnerability is available at https://github.com/pointedsec/CVE-2024-57725, which provides further details discovered by pointedsec. No additional patch or mitigation advisories are specified in the available information.

Details

CWE(s): CWE-306

References

https://github.com/pointedsec/CVE-2024-57725
cve@mitre.org