CVE-2024-53942
Published: 03 February 2025
Summary
CVE-2024-53942 is a medium-severity OS Command Injection (CWE-78) vulnerability in Nradiowifi (inferred from references). Its CVSS base score is 4.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).
Deeper analysis
CVE-2024-53942 affects NRadio N8-180 devices running firmware NROS-1.9.2.n3.c5. The vulnerability is an OS command injection flaw (CWE-78) in the /cgi-bin/luci/nradio/basic/radio endpoint, where the 2.4 GHz and 5 GHz name parameters are insufficiently sanitized, permitting arbitrary command execution with root privileges.
A remote attacker without authentication can exploit the issue by submitting crafted input to the affected endpoint. Although the CVSS vector indicates high attack complexity, successful exploitation grants the ability to run operating-system commands on the device, resulting in limited confidentiality and integrity impacts.
Public references include technical details and demonstration material hosted on GitHub along with the vendor product page, but no vendor advisory or patch information is provided in the available sources.
The EPSS score rose from a low baseline to a peak of 0.1651, indicating that exploitation interest emerged after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52204
Vulnerability details
An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level…
more
permissions) via crafted input.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated command injection via web CGI endpoint enables remote code execution on public-facing network device (T1190) using Unix shell commands (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents command injection by implementing validation mechanisms to sanitize unsanitized 2.4 GHz and 5 GHz name parameters at the vulnerable /cgi-bin/luci/nradio/basic/radio endpoint.
Enforces input restrictions at the web endpoint boundary to block malicious payloads in radio name parameters, such as shell metacharacters used for command injection.
Limits damage from successful root-level command injection by enforcing least privilege on the process handling the vulnerable endpoint.