Cyber Resilience

CVE-2024-57542

Severity: High · Public PoC

Published: 21 January 2025
Modified: 22 April 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0160 (82.1st percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57542 is a high-severity OS Command Injection (CWE-78) vulnerability in Linksys E8450 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.9% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57542 is a command injection vulnerability (CWE-78) in the Linksys E8450 router running firmware version v1.2.00.360516. The flaw is exploitable through the "id_email_check_btn" field, allowing arbitrary command execution on the affected device.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating that an attacker on an adjacent network can exploit it with low attack complexity, no required privileges, and no user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, enabling full device compromise such as remote code execution.

The reference for CVE-2024-57542 points to a GitHub repository at https://github.com/Wood1314/Linksys_E8450_vul/blob/main/4/4.md, which documents the issue but does not specify official patches or mitigation guidance in the available details.

Vulnerability details

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn.

CWE(s)

CWE-78 OS Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Command injection vulnerability in the router's web interface (id_email_check_btn) enables exploitation of a public-facing application (T1190) for remote code execution via Unix shell commands (T1059.004).

CVEs Like This One

CVE-2024-57539 (same product: Linksys E8450)
CVE-2024-57536 (same product: Linksys E8450)
CVE-2025-8821 (same vendor: Linksys)
CVE-2026-6992 (same vendor: Linksys)
CVE-2025-9575 (same vendor: Linksys)
CVE-2025-8828 (same vendor: Linksys)
CVE-2025-8829 (same vendor: Linksys)
CVE-2025-29228 (same vendor: Linksys)
CVE-2025-29230 (same vendor: Linksys)
CVE-2025-9244 (same vendor: Linksys)

Affected Assets

Vendor: linksys
Product: e8450 firmware
Version: 1.2.00.360516

Mitigating Controls (NIST 800-53 r5, AI-mapped)

SI-2 Flaw Remediation (prevent): Directly mitigates this specific command injection vulnerability by requiring identification, reporting, and timely remediation such as applying firmware patches for CVE-2024-57542.

SI-10 Information Input Validation (prevent): Prevents command injection exploitation via the id_email_check_btn field by enforcing validation of all organization-defined information inputs using appropriate tools and procedures.

Least Privilege (prevent): Limits the scope and impact of arbitrary command execution from this vulnerability by ensuring executing processes operate with the least privileges necessary.

References

https://github.com/Wood1314/Linksys_E8450_vul/blob/main/4/4.md