CVE-2017-17411
critical
CVSS v3
9.8
CVSS v2
10.0
VIR risk
9.8
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
References
- http://www.securityfocus.com/bid/102212
- https://github.com/rapid7/metasploit-framework/pull/9336
- https://www.exploit-db.com/exploits/43363/
- https://www.exploit-db.com/exploits/43429/
- https://zerodayinitiative.com/advisories/ZDI-17-973
- http://www.securityfocus.com/bid/102212
- https://github.com/rapid7/metasploit-framework/pull/9336
- https://www.exploit-db.com/exploits/43363/
- https://www.exploit-db.com/exploits/43429/
- https://zerodayinitiative.com/advisories/ZDI-17-973
CWEs
CWE-78
Verify integrity in audit chain (admin only). AS-IS.