CVE-2024-9977
Published: 15 October 2024
Summary
CVE-2024-9977 is a medium-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 5.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-9977 is an OS command injection vulnerability, tracked under CWE-78, that affects the MitraStar GPT-2541GNAC router running firmware BR_g5.6_1.11(WVK.0)b26. The flaw resides in an unspecified function within the file /cgi-bin/settings-firewall.cgi on the Firewall Settings Page, where unsanitized input to the SrcInterface argument is passed to the operating system.
The vulnerability can be exploited remotely by an authenticated administrator to execute arbitrary operating system commands. Successful exploitation yields limited impacts to confidentiality, integrity, and availability on the affected device. An exploit for the issue has been made public.
The EPSS score for this CVE reached a peak of 0.1452 after disclosure, up from a lower baseline to the current value of 0.1109, indicating emerging exploitation interest. No vendor patch or official mitigation guidance is available, as early contact attempts with the manufacturer were unsuccessful.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50258
Vulnerability details
A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It…
more
is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote exploitation of a public-facing web application (T1190) via OS command injection in the Firewall Settings Page CGI parameter, facilitating Unix Shell command execution (T1059.004) on the router.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.