← volver
CVE-2017-17411

CVE-2017-17411

EPSS 87.9%CWE-78
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
Productos afectados
Linksys · Linksys WVBR0
PoCs públicas encontradas4
cve_referencewww.exploit-db.com/exploits/43429/no verificadoexploitdbwww.exploit-db.com/exploits/43429no verificadoexploitdbwww.exploit-db.com/exploits/43363no verificadocve_referencewww.exploit-db.com/exploits/43363/no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/rapid7/metasploit-framework/pull/9336https://www.exploit-db.com/exploits/43363/https://www.exploit-db.com/exploits/43429/https://zerodayinitiative.com/advisories/ZDI-17-973http://www.securityfocus.com/bid/102212