CVE-2024-54803

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoepeermac and forcing a reboot. This will result in command injection...

CVE-2024-54805

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter getemail. After which, they can visit the sendlog.cgi endpoint which uses the parameter in a system call to achieve command execution...

CVE-2024-54806

Netgear WNR854T 1.5.2 North America is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface...

NETGEAR WNR854T 安全漏洞

The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the nvram parameter of the getemail function of the post.cgi file failing to correctly filter for constructed command special characters, commands...

CVE-2024-54806

Netgear WNR854T 1.5.2 North America is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface...

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...

CVE-2024-54808

CVE-2024-54808 affects NETGEAR WNR854T running version 1.5.2 (North America). A stack-based buffer overflow in SetDefaultConnectionService arises from unconstrained use of sscanf, allowing control of the program counter and enabling arbitrary code execution. Multiple connected sources (NVD, Red H...

CVE-2024-54805

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter getemail. After which, they can visit the sendlog.cgi endpoint which uses the parameter in a system call to achieve command execution...

CVE-2024-54809

The vulnerability concerns NETGEAR WNR854T (North America) with firmware version 1.5.2. A stack-based buffer overflow exists in the parse_st_header function caused by using a request header parameter in strncpy where the copy length is derived from input. By sending a specially crafted packet, an...

CVE-2024-54807

In Netgear WNR854T 1.5.2 North America, the UPNP service is vulnerable to command injection in the function addmapexec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request f...

CVE-2024-54807

Netgear WNR854T (North America) firmware 1.5.2 is affected. The UPNP service’s addmap_exec function incorrectly parses the NewInternalClient parameter of the AddPortMapping SOAPAction and passes it to a system call without proper sanitization, enabling arbitrary command execution via WANIPConn1. ...

Netgear WNR854T 安全漏洞

The NETGEAR WNR854T is a wireless router from NETGEAR. The NETGEAR WNR854T version 1.5.2 suffers from a buffer overflow vulnerability that originates from the UPNP service failing to properly validate the length of incoming data, which can be exploited by remote attackers to execute arbitrary cod...

CVE-2024-54802

In Netgear WNR854T 1.5.2 North America, the UPNP service /usr/sbin/upnp is vulnerable to stack-based buffer overflow in the M-SEARCH Host header...

CVE-2024-54808

Netgear WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution...

Netgear DC112A deviceName Command Injection Vulnerability

The Netgear DC112A is a wireless router. The Netgear DC112A suffers from a command injection vulnerability that originates in the usbadv.cgi handling of the deviceName parameter, which can be exploited by an attacker to submit a special request and execute arbitrary commands...

CVE-2024-54806

Netgear WNR854T (firmware 1.5.2, North America) is affected by CVE-2024-54806 due to an Arbitrary command execution in cmd.cgi. The root cause, as described in CNVD/RH/NVD entries, is that cmd.cgi does not adequately filter constructed commands and characters, enabling an attacker to execute syst...

CVE-2024-54805

Netgear WNR854T 1.5.2 (North America) is vulnerable to a Command Injection flaw. The vulnerability arises in the nvram get_email parameter used by post.cgi; a crafted request can update nvram, after which send_log.cgi uses that parameter in a system call to achieve command execution. This can be ...

CVE-2024-54802

In Netgear WNR854T 1.5.2 North America, the UPNP service /usr/sbin/upnp is vulnerable to stack-based buffer overflow in the M-SEARCH Host header...

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...

CVE-2024-54806

Netgear WNR854T 1.5.2 North America is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface...