CVE-2024-54807
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Mar 31, 2025
Updated: Apr 17, 2025
CWE ID 94
Summary
CVE-2024-54807 is a new vulnerability affecting Netgear WNR854T routers running version 1.5.2 (North America). The issue lies in the UPnP service, where the function addmap_exec, responsible for parsing the NewInternalClient parameter of the AddPortMapping SOAPAction, fails to sanitize user input. An attacker can exploit this vulnerability by sending a crafted AddPortMapping SOAPAction request to the router's WANIPConn1 service, leading to command injection and potentially arbitrary command execution.
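The following detection check is an added example, not part of the original advisory and not Netgear's code. It parses an AddPortMapping SOAP body and flags any NewInternalClient value that is not a strict IPv4 address. The names check_add_port_mapping, ACTION and SOAP_TMPL are hypothetical, the SOAPAction header value is an assumption based on the standard WANIPConnection:1 service type, and the sample requests are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Assumed SOAPAction header value for the WANIPConnection:1 AddPortMapping action.
ACTION = '"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"'

# Constructed SOAP body template (not captured traffic).
SOAP_TMPL = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewExternalPort>8080</NewExternalPort><NewProtocol>TCP</NewProtocol>'
    '<NewInternalPort>80</NewInternalPort>'
    '<NewInternalClient>{client}</NewInternalClient>'
    '</u:AddPortMapping></s:Body></s:Envelope>'
)

def local(tag):
    """Strip an XML namespace such as '{urn:...}Name' down to 'Name'."""
    return tag.rsplit("}", 1)[-1]

def check_add_port_mapping(soap_action, body):
    """Return (verdict, detail) for one UPnP SOAP request."""
    if "#AddPortMapping" not in soap_action:
        return ("ignore", "not an AddPortMapping request")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return ("alert", f"unparseable SOAP body: {exc}")
    values = [el.text or "" for el in root.iter()
              if local(el.tag) == "NewInternalClient"]
    if len(values) != 1:
        return ("alert", f"expected one NewInternalClient, found {len(values)}")
    value = values[0]
    try:
        # Accepts only a bare dotted-quad address; any extra characters
        # (whitespace, separators, text) make the value invalid.
        ipaddress.IPv4Address(value)
    except ValueError:
        return ("alert", f"NewInternalClient is not an IPv4 address: {value!r}")
    return ("ok", value)

if __name__ == "__main__":
    # Constructed values: one well-formed, one with trailing characters, one empty.
    for client in ("192.168.1.10", "192.168.1.20;EXAMPLE", ""):
        print(repr(client),
              check_add_port_mapping(ACTION, SOAP_TMPL.format(client=client)))
```

The same allow-list rule (accept only a parsed IPv4 address, reject everything else) is the input validation the advisory says is missing in the handling of NewInternalClient.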
Affected Vendors
- Netgear, Inc.