Home > Vulnerability Database > CVE-2024-54780

Mend.io Vulnerability Database

CVE-2024-54780

Date: May 13, 2025

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter.

Severity Score

8.8

Related Resources (5)

Url: http://netgate.com

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-54780

Url: https://www.netgate.com/blog/important-security-updates-for-pfsense-plus-24.11-and-ce-2.7.2

Url: https://blog.brillantit.com/exploiting-pfsense-xss-command-injection-cloud-hijack/

Url: https://www.mend.io/vulnerability-database/CVE-2024-54780

Severity Score

8.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-54780

Date: May 13, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?