CVE-2018-17208
Linksys Velop firmware 1.1.2.187020 is affected by an unauthenticated command injection in cgi-bin/zbtest.cgi and cgi-bin/zbtest2.cgi. The root cause is mishandling of shell metacharacters in the query string by ShellExecute, enabling full root access and CSRF exploitation. No patch/version or mi...