Cyber Resilience

CVE-2024-9977

Medium

Published: 15 October 2024

Published
15 October 2024
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.1109 93.6th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9977 is a medium-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-9977 is an OS command injection vulnerability, tracked under CWE-78, that affects the MitraStar GPT-2541GNAC router running firmware BR_g5.6_1.11(WVK.0)b26. The flaw resides in an unspecified function within the file /cgi-bin/settings-firewall.cgi on the Firewall Settings Page, where unsanitized input to the SrcInterface argument is passed to the operating system.

The vulnerability can be exploited remotely by an authenticated administrator to execute arbitrary operating system commands. Successful exploitation yields limited impacts to confidentiality, integrity, and availability on the affected device. An exploit for the issue has been made public.

The EPSS score for this CVE reached a peak of 0.1452 after disclosure, up from a lower baseline to the current value of 0.1109, indicating emerging exploitation interest. No vendor patch or official mitigation guidance is available, as early contact attempts with the manufacturer were unsuccessful.

EU & UK References

Vulnerability details

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It…

more

is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The vulnerability enables remote exploitation of a public-facing web application (T1190) via OS command injection in the Firewall Settings Page CGI parameter, facilitating Unix Shell command execution (T1059.004) on the router.

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References