CVE-2024-54809
Published: 31 March 2025
Summary
CVE-2024-54809 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Netgear Wnr854T Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces validation of request header parameters to prevent stack-based buffer overflows from specially crafted input-derived sizes in parse_st_header.
Provides memory safeguards such as non-executable stacks, address randomization, and canaries to block control flow hijacking and arbitrary command execution from buffer overflows.
Requires timely flaw remediation through firmware patching to eliminate the buffer overflow vulnerability in the Netgear WNR854T parse_st_header function.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The stack-based buffer overflow enables remote unauthenticated RCE on a public-facing router service by allowing crafted packets to hijack control flow and execute arbitrary commands, directly mapping to exploitation of public-facing applications.
NVD Description
Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially…
more
crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands.
Deeper analysisAI
CVE-2024-54809 is a stack-based buffer overflow vulnerability (CWE-121) in the Netgear WNR854T router version 1.5.2 for North America. The flaw occurs in the parse_st_header function, where a request header parameter is passed to a strncpy call with a size value derived from the input itself, enabling overflow conditions.
An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted packet, the attacker can seize control of the program counter, hijack the program's control flow, and execute arbitrary system commands, potentially leading to full device compromise. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
Mitigation details are available in the referenced advisory at https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#809, published in relation to CVE-2024-54809 (CVE published 2025-03-31).
Details
- CWE(s)