Cyber Resilience

CVE-2024-53942

Medium

Published: 03 February 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: none recorded
CVSS Score v3.1: 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.1453 (94.6th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-53942 is a medium-severity OS Command Injection (CWE-78) vulnerability in Nradiowifi (inferred from references). Its CVSS base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).

Deeper analysis

CVE-2024-53942 affects NRadio N8-180 devices running firmware NROS-1.9.2.n3.c5. The vulnerability is an OS command injection flaw (CWE-78) in the /cgi-bin/luci/nradio/basic/radio endpoint, where the 2.4 GHz and 5 GHz name parameters are insufficiently sanitized, permitting arbitrary command execution with root privileges.

A remote attacker without authentication can exploit the issue by submitting crafted input to the affected endpoint. Although the CVSS vector indicates high attack complexity, successful exploitation grants the ability to run operating-system commands on the device, resulting in limited confidentiality and integrity impacts.

Public references include technical details and demonstration material hosted on GitHub along with the vendor product page, but no vendor advisory or patch information is provided in the available sources.

The EPSS score rose from a low baseline to a peak of 0.1651, indicating that exploitation interest emerged after disclosure.

EU & UK References

Vulnerability details

An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Direct, unauthenticated command injection through a web CGI endpoint gives remote code execution on a public-facing network device (T1190), carried out with Unix shell commands (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-42454 (shared CWE-78)
CVE-2026-34796 (shared CWE-78)
CVE-2024-57016 (shared CWE-78)
CVE-2025-50475 (shared CWE-78)
CVE-2024-57015 (shared CWE-78)
CVE-2026-36828 (shared CWE-78)
CVE-2024-57595 (shared CWE-78)
CVE-2026-25196 (shared CWE-78)
CVE-2024-50566 (shared CWE-78)
CVE-2026-23592 (shared CWE-78)

Affected Assets

Nradiowifi
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5) [AI]

prevent (SI-10, Information Input Validation): Directly prevents command injection by validating the 2.4 GHz and 5 GHz name parameters at the vulnerable /cgi-bin/luci/nradio/basic/radio endpoint before they reach any command.

prevent (SI-9, Information Input Restrictions): Enforces input restrictions at the web endpoint boundary so that radio name parameters cannot carry shell metacharacters or other payloads used for command injection.

prevent: Limits the damage of a successful command injection by running the process that handles the vulnerable endpoint with least privilege rather than as root.
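To make the first two controls concrete, here is an added example (not code from the device firmware, the LuCI project or the original page) of the two patterns they describe: a strict allowlist for a radio name parameter, and the value passed as a single argv element instead of being interpolated into a shell command line. The command name `wifi-set-ssid`, the band labels `2g`/`5g` and the allowlist itself are assumptions made for the example.

```python
import re

# Constructed allowlist for this example: letters, digits, space, dot,
# underscore and hyphen, 1 to 32 characters. This is deliberately stricter
# than what 802.11 permits for an SSID; the point is that it admits no shell
# metacharacter at all, so validation does not depend on an escaping step.
_RADIO_NAME_RE = re.compile(r"[A-Za-z0-9 ._-]{1,32}")

# Assumed band labels for the two radios the endpoint exposes.
_BANDS = ("2g", "5g")


def validate_radio_name(name: str) -> bool:
    """Return True only if `name` matches the allowlist exactly (SI-10)."""
    return _RADIO_NAME_RE.fullmatch(name) is not None


def vulnerable_command_line(band: str, name: str) -> str:
    """The injectable pattern: the request parameter is pasted into one
    string that a handler would hand to `sh -c`. Returned, never executed,
    so the effect of a metacharacter in `name` can be inspected."""
    return f"wifi-set-ssid {band} {name}"


def hardened_set_ssid_argv(band: str, name: str) -> list:
    """Hardened pattern: reject anything outside the allowlist (SI-9 at the
    endpoint boundary), then return an argv list. Executing it with
    subprocess.run(argv) (shell=False) means no shell ever parses `name`."""
    if band not in _BANDS:
        raise ValueError("unknown band")
    if not validate_radio_name(name):
        raise ValueError("radio name rejected by input validation")
    # `name` is one argument; the command (assumed) sees it verbatim.
    return ["wifi-set-ssid", band, name]


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate, one carrying a metacharacter.
    for sample in ("Home-WiFi 5G", "guest;id"):
        print(repr(sample), "accepted" if validate_radio_name(sample) else "rejected")
```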

References