CVE-2024-54806
Published: 31 March 2025
Summary
CVE-2024-54806 is a critical-severity Code Injection (CWE-94) vulnerability in Netgear Wnr854T Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely identification, reporting, and correction of the arbitrary command execution flaw in cmd.cgi through firmware patching.
Prevents exploitation of the code injection vulnerability by enforcing validation and sanitization of all inputs to the cmd.cgi web interface endpoint.
Complements input validation by restricting the types and quantities of data inputs to cmd.cgi, blocking malicious command strings.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables remote arbitrary command execution via public-facing web interface (cmd.cgi) due to code injection, directly mapping to T1190 for initial access and T1059.004 for resulting Unix shell command execution on the router.
NVD Description
Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface.
Deeper analysisAI
CVE-2024-54806 is an arbitrary command execution vulnerability in the cmd.cgi component of the Netgear WNR854T router version 1.5.2 (North America). It allows attackers to execute system commands via the web interface, stemming from improper input handling classified under CWE-94 (Code Injection). The flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact potential.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting requests to the cmd.cgi endpoint, the attacker achieves arbitrary command execution on the router's underlying system, enabling full compromise with high confidentiality, integrity, and availability impacts, such as data theft, persistent access, or device disruption.
Mitigation details are available in the referenced advisory at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#806, published in connection with multiple vulnerabilities on the WNR854T. Security practitioners should consult this source for patching guidance or workarounds specific to the affected firmware.
Details
- CWE(s)