CVE-2024-53942

Name of the Vulnerable Software and Affected Versions NRadio N8-180 NROS version 1.9.2.n3.c5

Description A problem was discovered in NRadio devices, where the "/cgi-bin/luci/nradio/basic/radio" endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters. This allows a remote attacker to execute arbitrary OS commands on the device with root-level permissions via crafted input.

Recommendations For NRadio N8-180 NROS version 1.9.2.n3.c5, as a temporary workaround, consider disabling access to the "/cgi-bin/luci/nradio/basic/radio" endpoint until a patch is available. Restrict the use of the 2.4 GHz and 5 GHz name parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.