CVE-2024-54806 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbit… | CVSS 9.8 CRITICAL

Description

Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface.

Metadata

CVE ID: CVE-2024-54806
State: PUBLISHED
Assigner: mitre
Reserved: 2024-12-06 00:00 UTC
Published: 2025-03-31 00:00 UTC
Last updated: 2025-04-02 14:07 UTC
Primary CWE: CWE-94
CWE-94 Improper Control of Generation of Code ('Code Injecti…
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-94	adp	CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#806