CVE-2024-57725

Medium

Published: 14 February 2025

Published

14 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.1501 94.6th percentile

Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57725 is a medium-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Directly mitigates the missing authentication for the critical /firstconnection.cgi endpoint by identifying and restricting actions like GPON link modification that can be performed without identification or authentication.

IA-8 Identification and Authentication (Non-organizational Users) good match

prevent

Requires unique identification and authentication for non-organizational users accessing router interfaces, preventing unauthorized modification of the GPON link value.

AC-3 Access Enforcement good match

prevent

Enforces approved access authorizations to block unauthenticated remote or local attackers from exploiting the /firstconnection.cgi endpoint to disrupt internet service.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Missing authentication on public CGI endpoint directly enables exploitation of the router's web interface (T1190); resulting GPON modification produces DoS but no other Enterprise techniques are directly facilitated.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.

Deeper analysisAI

CVE-2024-57725 is a vulnerability in the Arcadyan Livebox Fibra PRV3399B_B_LT router that allows a remote or local attacker to modify the GPON link value without authentication. This issue is exploitable through the /firstconnection.cgi endpoint and is classified under CWE-306 (Missing Authentication for Critical Function). The CVSS v3.1 base score is 6.5, reflecting medium severity with high impact on availability.

An attacker with adjacent network access (AV:A) can exploit this vulnerability with low complexity, no privileges, and no user interaction required. Successful exploitation modifies the GPON link value, resulting in a denial-of-service condition that disrupts internet service (C:N/I:N/A:H), without affecting confidentiality or integrity.

The primary reference for this vulnerability is available at https://github.com/pointedsec/CVE-2024-57725, which provides further details discovered by pointedsec. No additional patch or mitigation advisories are specified in the available information.

Details

CWE(s): CWE-306

CVEs Like This One

CVE-2026-1453Shared CWE-306

CVE-2026-31882Shared CWE-306

CVE-2025-27642Shared CWE-306

CVE-2021-47891Shared CWE-306

CVE-2026-26340Shared CWE-306

CVE-2025-3498Shared CWE-306

CVE-2025-52665Shared CWE-306

CVE-2025-0355Shared CWE-306

CVE-2026-24177Shared CWE-306

CVE-2026-22207Shared CWE-306

References

https://github.com/pointedsec/CVE-2024-57725
cve@mitre.org