Netgear WNR854T UPnP Command Injection Vulnerability Allowing Unauthenticated Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the Netgear WNR854T router, specifically in version 1.5.2 for North America. The issue lies in the UPnP service: the 'AddPortMapping' SOAP action does not properly sanitize the 'NewInternalClient' parameter before passing it to a system call. This allows attackers to execute arbitrary commands on the router via the WANIPConn1 service.
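
A defender-side check for the input described above, as an added example (not Netgear's firmware code and not part of the original advisory): it accepts an AddPortMapping body only when NewInternalClient is a short, well-formed private IPv4 address. The function names, the length limit, the LAN-only policy and the sample request are assumptions made for this illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

MAX_LEN = len("255.255.255.255")  # longest dotted-quad IPv4 string

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_add_port_mapping(soap_body):
    """Return (accepted, reason) for one SOAP request body."""
    if "<!DOCTYPE" in soap_body.upper():
        return False, "DTD not allowed"  # SOAP never needs one; avoids entity tricks
    try:
        root = ET.fromstring(soap_body)
    except ET.ParseError:
        return False, "malformed XML"
    action = next((e for e in root.iter() if local_name(e.tag) == "AddPortMapping"), None)
    if action is None:
        return True, "not AddPortMapping"
    values = [e.text or "" for e in action if local_name(e.tag) == "NewInternalClient"]
    if len(values) != 1:
        return False, "NewInternalClient missing or repeated"
    value = values[0]
    if len(value) > MAX_LEN:
        return False, "NewInternalClient too long"
    try:
        addr = ipaddress.IPv4Address(value)  # digits and dots only, four octets
    except ipaddress.AddressValueError:
        return False, "NewInternalClient is not an IPv4 address"
    if not addr.is_private:  # assumed policy: mappings may only target LAN hosts
        return False, "NewInternalClient is not a LAN address"
    return True, "ok"

def sample_body(client):
    """Constructed AddPortMapping request for testing; not captured traffic."""
    return (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        "<NewExternalPort>8080</NewExternalPort><NewProtocol>TCP</NewProtocol>"
        "<NewInternalPort>8080</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient>"
        "</u:AddPortMapping></s:Body></s:Envelope>"
    )

if __name__ == "__main__":
    for client in ("192.168.1.10", "10.0.0.5;x", "A" * 64, "8.8.8.8"):
        print(repr(client[:20]), check_add_port_mapping(sample_body(client)))
```

The same allow-list logic applies wherever the value is consumed: validating to a strict address format before use, and passing it as a discrete argument instead of through a shell, removes the injection path.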

Impact

Exploitation of this vulnerability leads to unauthorized execution of commands on the router, with the potential for full system compromise.

Reproduction

To reproduce this vulnerability, send a crafted SOAP request to the router's UPnP 'AddPortMapping' action. Include an oversized 'NewInternalClient' value that contains the desired command. The command injection can be verified by observing the execution of the injected command on the router.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 9.1
remediation: 7.9
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.