CVE-2017-17411

EPSS 87.9%CWE-78

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

Affected products

Linksys · Linksys WVBR0

public PoCs found — 4

cve_referencewww.exploit-db.com/exploits/43429/unverified exploitdbwww.exploit-db.com/exploits/43429unverified exploitdbwww.exploit-db.com/exploits/43363unverified cve_referencewww.exploit-db.com/exploits/43363/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/rapid7/metasploit-framework/pull/9336 https://www.exploit-db.com/exploits/43363/https://www.exploit-db.com/exploits/43429/https://zerodayinitiative.com/advisories/ZDI-17-973 http://www.securityfocus.com/bid/102212