CVE-2017-17411

EPSS 87.9%CWE-78

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

Produtos afetados

Linksys · Linksys WVBR0

PoCs públicas encontradas — 4

cve_referencewww.exploit-db.com/exploits/43429/não verificado exploitdbwww.exploit-db.com/exploits/43429não verificado exploitdbwww.exploit-db.com/exploits/43363não verificado cve_referencewww.exploit-db.com/exploits/43363/não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/rapid7/metasploit-framework/pull/9336 https://www.exploit-db.com/exploits/43363/https://www.exploit-db.com/exploits/43429/https://zerodayinitiative.com/advisories/ZDI-17-973 http://www.securityfocus.com/bid/102212