CVE-2024-54809: Stack-based Buffer Overflow in Netgear WNR854T Firmware

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.2% (top 59.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Published: Mar 31

Description

Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function: a request header parameter is copied with strncpy, and the size passed to strncpy is determined from the input itself. By sending a specially crafted packet, an attacker can take control of the program counter and hijack the program's control flow to execute arbitrary system commands.
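The bug class described above, as an added illustration that is not the firmware's code: a strncpy whose bound comes from the request, next to a copy bounded by the destination. The function names, the 64-byte buffer size and the sample header value are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ST_MAX 64 /* assumed destination size; the page does not give the real one */

/* Length of the header value up to the first CR/LF or the end of the input. */
static size_t value_len(const char *hdr, size_t hdr_len) {
    size_t n = 0;
    while (n < hdr_len && hdr[n] != '\r' && hdr[n] != '\n')
        n++;
    return n;
}

/* Weak pattern: the strncpy bound is measured on the request, so it limits
 * nothing. Any value longer than the caller's buffer writes past its end. */
void copy_value_unsafe(char *dst, const char *hdr, size_t hdr_len) {
    size_t n = value_len(hdr, hdr_len);
    strncpy(dst, hdr, n); /* n is attacker-influenced, not sizeof(dst) */
    dst[n] = '\0';
}

/* Hardened: the destination size is passed in and checked first; oversized
 * values are rejected instead of truncated or copied. Returns length or -1. */
int copy_value_checked(char *dst, size_t dst_size,
                       const char *hdr, size_t hdr_len) {
    size_t n;
    if (dst == NULL || hdr == NULL || dst_size == 0)
        return -1;
    n = value_len(hdr, hdr_len);
    if (n >= dst_size) { /* no room for the value plus the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, hdr, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void) {
    char st[ST_MAX];
    const char *req = "example-value\r\nNext: x"; /* constructed sample input */
    int n = copy_value_checked(st, sizeof st, req, strlen(req));
    printf("copied %d bytes: %s\n", n, st);
    return n < 0;
}
```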

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 1 package

Vulnerability Details (2)

GHSA
GHSA-2mf8-xmm6-qx35: Netgear Inc WNR854T 1 (2025-03-31)
CVEList
CVE-2024-54809: Netgear Inc WNR854T 1 (2025-03-31)