Lucene search
Ricky "HeadlessZeke" LawshaeZDI-17-973HistoryDec 18, 2017 - 12:00 a.m.
(0Day) Linksys WVBR0 User-Agent Command Injection Remote Code Execution Vulnerability
2017-12-1800:00:00
Ricky "HeadlessZeke" Lawshae
www.zerodayinitiative.com
30
EPSS
0.974
Percentile
99.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges.
Related
exploitpack
exploitpack
Linksys WVBR0 - User-Agent Remote Command Injection
2017-12-14 00:00:00
nvd
nvd
CVE-2017-17411
2017-12-21 14:29:00
zdt
zdt
Linksys WVBR0 - User-Agent Remote Command Injection Exploit
2017-12-19 00:00:00
Linksys WVBR0-25 User-Agent Command Execution Exploit
2018-01-04 00:00:00
openvas
openvas
Linksys WVBRO25 RCE Vulnerability
2017-12-22 00:00:00
exploitdb
exploitdb
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)
2018-01-04 00:00:00
Linksys WVBR0 - 'User-Agent' Remote Command Injection
2017-12-14 00:00:00
cve
cve
CVE-2017-17411
2017-12-21 14:29:00
cvelist
cvelist
CVE-2017-17411
2017-12-21 14:00:00
packetstorm
packetstorm
Linksys WVBR0-25 User-Agent Command Execution
2018-01-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Linksys WVBR0-25 Command Injection (CVE-2017-17411)
2018-05-28 00:00:00
metasploit
metasploit
Linksys WVBR0-25 User-Agent Command Execution
2017-12-21 23:44:35
seebug
seebug
Linksys WVBR0 25 Command Injection(CVE-2017-17411)
2017-12-15 00:00:00
prion
prion
Design/Logic Flaw
2017-12-21 14:29:00