ID

VAR-202503-3273


CVE

CVE-2024-54808


TITLE

Stack-based buffer overflow vulnerability in Netgear WNR854T firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-022716

DESCRIPTION

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution. The device may also be put into a denial-of-service (DoS) state. NETGEAR WNR854T is a wireless router from NETGEAR. The vulnerability is caused by the SetDefaultConnectionService function failing to properly verify the length of the input data.

Trust: 2.16

sources: NVD: CVE-2024-54808 // JVNDB: JVNDB-2024-022716 // CNVD: CNVD-2025-07797

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-07797

AFFECTED PRODUCTS

vendor: netgear, model: wnr854t, scope: eq, version: 1.5.2

Trust: 1.6

vendor: ネットギア, model: wnr854t, scope: eq, version: wnr854t firmware 1.5.2

Trust: 0.8

vendor: ネットギア, model: wnr854t, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: wnr854t, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2025-07797 // JVNDB: JVNDB-2024-022716 // NVD: CVE-2024-54808

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-54808
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-022716
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-07797
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-07797
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-54808
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-022716
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-07797 // JVNDB: JVNDB-2024-022716 // NVD: CVE-2024-54808

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-022716 // NVD: CVE-2024-54808

EXTERNAL IDS

db: NVD, id: CVE-2024-54808

Trust: 3.2

db: JVNDB, id: JVNDB-2024-022716

Trust: 0.8

db: CNVD, id: CNVD-2025-07797

Trust: 0.6

sources: CNVD: CNVD-2025-07797 // JVNDB: JVNDB-2024-022716 // NVD: CVE-2024-54808

REFERENCES

url:https://faultpoint.com/post/2025-03-25-8-cves-on-the-wnr854t-junkyard/#808

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-54808

Trust: 1.4

sources: CNVD: CNVD-2025-07797 // JVNDB: JVNDB-2024-022716 // NVD: CVE-2024-54808

SOURCES

db: CNVD, id: CNVD-2025-07797
db: JVNDB, id: JVNDB-2024-022716
db: NVD, id: CVE-2024-54808

LAST UPDATE DATE

2025-04-25T01:33:38.518000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-07797, date: 2025-04-21T00:00:00
db: JVNDB, id: JVNDB-2024-022716, date: 2025-04-23T05:16:00
db: NVD, id: CVE-2024-54808, date: 2025-04-17T12:55:22.040

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-07797, date: 2025-04-21T00:00:00
db: JVNDB, id: JVNDB-2024-022716, date: 2025-04-23T00:00:00
db: NVD, id: CVE-2024-54808, date: 2025-03-31T21:15:48.310