Wnr854t Firmware Security Vulnerabilities and Issues — Wnr854t Firmware CVE List

Lucene search

NetgearWnr854t Firmware

8 matches found

CVE•added 2025/03/31 9:15 p.m.•49 views

CVE-2024-54803

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection.

9.8CVSS7AI score0.01198EPSS

CVE•added 2025/03/31 9:15 p.m.•49 views

CVE-2024-54806

Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface.

9.8CVSS7.1AI score0.00343EPSS

CVE•added 2025/03/31 9:15 p.m.•48 views

CVE-2024-54807

In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request ...

9.8CVSS7.7AI score0.00688EPSS

CVE•added 2025/03/31 9:15 p.m.•47 views

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take con...

9.8CVSS8.1AI score0.00074EPSS

CVE•added 2025/03/31 9:15 p.m.•46 views

CVE-2024-54802

In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header.

9.8CVSS7.4AI score0.00203EPSS

CVE•added 2025/03/31 9:15 p.m.•46 views

CVE-2024-54805

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command executio...

9.8CVSS7.2AI score0.00507EPSS

CVE•added 2025/03/31 9:15 p.m.•44 views

CVE-2024-54808

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution.

9.8CVSS7.8AI score0.00241EPSS

CVE•added 2025/03/31 9:15 p.m.•41 views

CVE-2024-54804

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection.

9.8CVSS7.4AI score0.01198EPSS