Cyber Resilience

CVE-2024-54806

CriticalPublic PoCRCE

Published: 31 March 2025

Published
31 March 2025
Modified
17 April 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0093 76.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-54806 is a critical-severity Code Injection (CWE-94) vulnerability in Netgear Wnr854T Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 23.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-54806 is an arbitrary command execution vulnerability in the cmd.cgi component of the Netgear WNR854T router version 1.5.2 (North America). It allows attackers to execute system commands via the web interface, stemming from improper input handling classified under CWE-94 (Code Injection). The flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact potential.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting requests to the cmd.cgi endpoint, the attacker achieves arbitrary command execution on the router's underlying system, enabling full compromise with high confidentiality, integrity, and availability impacts, such as data theft, persistent access, or device disruption.

Mitigation details are available in the referenced advisory at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#806, published in connection with multiple vulnerabilities on the WNR854T. Security practitioners should consult this source for patching guidance or workarounds specific to the affected firmware.

EU & UK References

Vulnerability details

Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Vulnerability enables remote arbitrary command execution via public-facing web interface (cmd.cgi) due to code injection, directly mapping to T1190 for initial access and T1059.004 for resulting Unix shell command execution on the router.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-54804Same product: Netgear Wnr854T
CVE-2024-54807Same product: Netgear Wnr854T
CVE-2024-54805Same product: Netgear Wnr854T
CVE-2024-54803Same product: Netgear Wnr854T
CVE-2024-54808Same product: Netgear Wnr854T
CVE-2024-54802Same product: Netgear Wnr854T
CVE-2024-54809Same product: Netgear Wnr854T
CVE-2024-12847Same vendor: Netgear
CVE-2025-28219Same vendor: Netgear
CVE-2022-40619Same vendor: Netgear

Affected Assets

netgear
wnr854t firmware
1.5.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely identification, reporting, and correction of the arbitrary command execution flaw in cmd.cgi through firmware patching.

prevent

Prevents exploitation of the code injection vulnerability by enforcing validation and sanitization of all inputs to the cmd.cgi web interface endpoint.

prevent

Complements input validation by restricting the types and quantities of data inputs to cmd.cgi, blocking malicious command strings.

References