CVE-2024-54809

Name of the Vulnerable Software and Affected Versions Netgear Inc WNR854T version 1.5.2

Description The issue is a stack-based buffer overflow due to the use of a request header parameter in a strncpy function where the size is determined based on the input specified. This occurs in the parse st header function. An attacker can exploit this by sending a specially crafted packet, allowing them to take control of the program counter and hijack the control flow of the program to execute arbitrary system commands.

Recommendations For Netgear Inc WNR854T version 1.5.2, as a temporary workaround, consider disabling the parse st header function until a patch is available. Restrict access to the vulnerable parse st header function to minimize the risk of exploitation. Avoid using the request header parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.