CVE-2024-54808
Published: 31 March 2025
Summary
CVE-2024-54808 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Netgear Wnr854T Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation and bounds checking of inputs to the SetDefaultConnectionService function to prevent stack-based buffer overflows from unconstrained sscanf usage.
Deploys memory protection mechanisms like stack canaries, ASLR, and non-executable stacks to block control of the program counter in stack buffer overflow exploits.
Directs timely remediation of the identified buffer overflow flaw in Netgear WNR854T firmware version 1.5.2 via patching to eliminate arbitrary code execution risk.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote unauthenticated stack-based buffer overflow enables arbitrary code execution on the router's exposed service, directly mapping to initial access via exploitation of a public-facing application (T1190) and subsequent command execution via Unix shell (T1059.004).
NVD Description
Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution.
Deeper analysisAI
CVE-2024-54808 is a stack-based buffer overflow vulnerability (CWE-121) in the Netgear WNR854T router running firmware version 1.5.2 for North America. The issue arises in the SetDefaultConnectionService function due to unconstrained use of the sscanf function, which can lead to overwriting the program counter and enabling arbitrary code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
The vulnerability is exploitable remotely over the network by unauthenticated attackers with no privileges required and no user interaction needed. Attackers can send specially crafted input to the affected function, triggering the buffer overflow and gaining control over the program's execution flow to achieve arbitrary code execution on the device. This could allow full compromise of the router, potentially enabling network pivoting, data interception, or further attacks on connected systems.
Details on the vulnerability, including the advisory, are available in the referenced analysis at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#808. No vendor patches or specific mitigations are detailed in the provided information.
Details
- CWE(s)