Vulnerability Details CVE-2024-54807
In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-54807
-
cpe:2.3:h:netgear:wnr854t:-
-
cpe:2.3:o:netgear:wnr854t_firmware:1.5.2