Summary: Security researcher Dylan has revealed eight critical zero-day vulnerabilities in the Netgear WNR854T router, which has been unsupported since its release in 2017. These vulnerabilities range from buffer overflows to command injection flaws, posing severe risks of remote code execution and unauthorized access. The vendor has declined to address the issues due to the device being classified as end-of-life (EOL).
Affected: Netgear WNR854T Router
Keypoints :
- Eight previously unknown zero-day vulnerabilities disclosed, including CVE-2024-54802 (stack-based buffer overflow) and several command injection flaws.
- Vulnerabilities allow potential full control over the router, with some exploiting methods persisting across reboots, leaving devices permanently accessible to attackers.
- The vendor, Netgear, will not remediate the issues as the device is no longer supported, posing long-term security risks for users.
Source: https://securityonline.info/8-zero-day-vulnerabilities-uncovered-in-netgear-wnr854t-router/