Cyber Resilience

CVE-2024-57725

Medium

Published: 14 February 2025

Published
14 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.1501 94.7th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57725 is a medium-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2024-57725 affects the Arcadyan Livebox Fibra PRV3399B_B_LT router. The flaw is an unauthenticated endpoint at /firstconnection.cgi that permits modification of the GPON link value, classified under CWE-306 for missing authentication on a critical function. Successful abuse produces a denial-of-service condition that severs the device’s internet connectivity, reflected in the CVSS 6.5 score emphasizing high availability impact over an adjacent network vector with no required credentials.

An attacker positioned on the same local network segment, or able to reach the device remotely through an exposed interface, can issue a crafted request to the endpoint and alter the GPON configuration without authentication. The change immediately disrupts the WAN link, resulting in loss of internet service for any clients behind the router.

The associated EPSS score has reached a peak of 0.1538 with a current value of 0.1501, indicating moderate and relatively stable exploitation interest since disclosure. Public details are currently limited to a single GitHub repository containing technical analysis of the issue.

EU & UK References

Vulnerability details

An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Missing authentication on public CGI endpoint directly enables exploitation of the router's web interface (T1190); resulting GPON modification produces DoS but no other Enterprise techniques are directly facilitated.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21515Shared CWE-306
CVE-2025-57432Shared CWE-306
CVE-2026-27446Shared CWE-306
CVE-2026-21446Shared CWE-306
CVE-2021-47891Shared CWE-306
CVE-2025-41715Shared CWE-306
CVE-2026-24790Shared CWE-306
CVE-2025-21524Shared CWE-306
CVE-2025-53072Shared CWE-306
CVE-2025-40771Shared CWE-306

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the missing authentication for the critical /firstconnection.cgi endpoint by identifying and restricting actions like GPON link modification that can be performed without identification or authentication.

prevent

Requires unique identification and authentication for non-organizational users accessing router interfaces, preventing unauthorized modification of the GPON link value.

prevent

Enforces approved access authorizations to block unauthenticated remote or local attackers from exploiting the /firstconnection.cgi endpoint to disrupt internet service.

References