Back to search
CVE-2017-17411
Published: Dec 21, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
| Vendor | Product | Versions |
|---|---|---|
Linksys | Linksys WVBR0 | affected WVBR0 |
Weaknesses (CWE)
References
102212
vdb-entry
x_refsource_BID
https://github.com/rapid7/metasploit-framework/pull/9336
x_refsource_MISC
43363
exploit
x_refsource_EXPLOIT-DB
https://zerodayinitiative.com/advisories/ZDI-17-973
x_refsource_MISC
43429
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now