CVE-2017-17411 - OS Command Injections vulnerability in Linksys Wvbr0 and Wvbr0 Firmware

Publication

2017-12-21

Last modification

2018-08-28

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

Classification

CWE-78 - OS Command Injections

Risk level (CVSS AV:N/AC:L/Au:N/C:C/I:C/A:C)

High

10

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

Vendor    Product           Versions
Linksys   Wvbr0             
Linksys   Wvbr0 Firmware    1.0.41