Vulnerability Details : CVE-2017-17411
Public exploit exists!
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2017-17411
Probability of exploitation activity in the next 30 days: 97.41%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2017-17411
-
Linksys WVBR0-25 User-Agent Command Execution
Disclosure Date: 2017-12-13First seen: 2020-04-26exploit/linux/http/linksys_wvbr0_user_agent_exec_noauthThe Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in version < 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exp
CVSS scores for CVE-2017-17411
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-17411
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by:
- nvd@nist.gov (Primary)
- zdi-disclosures@trendmicro.com (Secondary)
References for CVE-2017-17411
-
https://zerodayinitiative.com/advisories/ZDI-17-973
ZDI-17-973 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://github.com/rapid7/metasploit-framework/pull/9336
Adds exploit module for CVE-2017-17411 by headlesszeke · Pull Request #9336 · rapid7/metasploit-framework · GitHubExploit;Third Party Advisory
-
https://www.exploit-db.com/exploits/43363/
Linksys WVBR0 - 'User-Agent' Remote Command InjectionExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/102212
Linksys WVBR0-25 CVE-2017-17411 Remote Command Injection VulnerabilityThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/43429/
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)Exploit;Third Party Advisory;VDB Entry
Products affected by CVE-2017-17411
- cpe:2.3:o:linksys:wvbr0_firmware:*:*:*:*:*:*:*:*