The vulnerability in the cmd.cgi script of Netgear WNR854T router software allows a hacker to execute arbitrary commands.

The vulnerability in the cmd.cgi script of Netgear WNR854T router microprogramming software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the advertise_res() function in the UPnP service of Netgear’s WNR854T router allows a hacker to execute arbitrary code.

The vulnerability of the advertiseres function of the UPnP service involves an escape from the buffer boundaries in memory when processing the M-SEARCH request header value. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted M-SEARCH...

The vulnerability in the web interface of Netgear WNR854T router software allows a hacker to execute arbitrary commands and gain full control over the device.

The vulnerability of the web interface of Netgear WNR854T router software lies in the lack of measures to neutralize special elements used in the operating system’s commands when processing the wanhostname parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

The vulnerability of the email notification sending function in Netgear WNR854T router software allows a hacker to execute arbitrary commands.

The vulnerability of the email notification sending function in Netgear WNR854T router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the emailaddress parameter. Exploiting this vulnerability allows ...

The vulnerability of the advertise_res() function in the UPnP service of Netgear’s WNR854T router allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the advertiseres function of the UPnP service involves the escape of operations beyond the buffer in memory when processing the M-SEARCH request header value. Exploitation of this vulnerability allows a remote attacker to execute arbitrary code or cause service failures by...

The vulnerability of the SetDefaultConnectionService() function in Netgear WNR854T router software allows a hacker to induce a service failure.

The vulnerability of the SetDefaultConnectionService function in Netgear WNR854T router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...

The vulnerability of the parse_st() function in the UPnP service’s microprogramming software for Netgear WNR854T allows a hacker to execute arbitrary code.

The vulnerability of the parsest function in the UPnP service of Netgear’s WNR854T router software lies in the fact that the operation outside the buffer is allowed when processing the M-SEARCH request header value. Exploiting this vulnerability allows a remote attacker to execute arbitrary code ...

CVE-2024-54808

Netgear WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution...

CVE-2024-54807

In Netgear WNR854T 1.5.2 North America, the UPNP service is vulnerable to command injection in the function addmapexec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request f...

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...

CVE-2024-54808

Netgear WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution...

CVE-2024-54807

In Netgear WNR854T 1.5.2 North America, the UPNP service is vulnerable to command injection in the function addmapexec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request f...

CVE-2024-54802

In Netgear WNR854T 1.5.2 North America, the UPNP service /usr/sbin/upnp is vulnerable to stack-based buffer overflow in the M-SEARCH Host header...

CVE-2024-54803

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoepeermac and forcing a reboot. This will result in command injection...

CVE-2024-54806

Netgear WNR854T 1.5.2 North America is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface...

CVE-2024-54804

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wanhostname and forcing a reboot. This will result in command injection...

CVE-2024-54802

In Netgear WNR854T 1.5.2 North America, the UPNP service /usr/sbin/upnp is vulnerable to stack-based buffer overflow in the M-SEARCH Host header...

CVE-2024-54804

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wanhostname and forcing a reboot. This will result in command injection...

CVE-2024-54805

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter getemail. After which, they can visit the sendlog.cgi endpoint which uses the parameter in a system call to achieve command execution...