Vulnerability Details CVE-2024-54805
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.3%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-54805
-
cpe:2.3:h:netgear:wnr854t:-
-
cpe:2.3:o:netgear:wnr854t_firmware:1.5.2