CVE-2024-54805
Published: 31 March 2025
Summary
CVE-2024-54805 is a critical-severity Code Injection (CWE-94) vulnerability in Netgear Wnr854T Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of inputs like the get_email nvram parameter at post.cgi and send_log.cgi endpoints, directly preventing command injection.
IA-8 enforces identification and authentication for non-organizational users on the publicly accessible router web interface, blocking unauthenticated exploitation of the endpoints.
SI-2 mandates timely flaw remediation, including patching or correcting the command injection vulnerability in the WNR854T firmware.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote command injection in public web interface endpoints enables T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary OS command execution via system calls.
NVD Description
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system…
more
call to achieve command execution.
Deeper analysisAI
CVE-2024-54805 is a command injection vulnerability (CWE-94) affecting the Netgear WNR854T router running firmware version 1.5.2 for North America. The issue exists in the web interface endpoints post.cgi and send_log.cgi, where the nvram parameter "get_email" is mishandled. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to post.cgi to overwrite the nvram "get_email" parameter with arbitrary commands. The attacker then triggers execution by accessing the send_log.cgi endpoint, which incorporates the tainted parameter into a system call, achieving arbitrary command injection on the underlying operating system.
Details on the vulnerability, including this CVE as one of eight disclosed for the WNR854T, are available in the advisory at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#805. No patch or specific mitigation guidance is detailed in available information.
Details
- CWE(s)