CVE-2017-17411

Опубликовано: 21 дек. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Критический

Описание

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

Ссылки

http://www.securityfocus.com/bid/102212
Third Party Advisory
VDB Entry
https://github.com/rapid7/metasploit-framework/pull/9336
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/43363/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/43429/
Exploit
Third Party Advisory
VDB Entry
https://zerodayinitiative.com/advisories/ZDI-17-973
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/102212
Third Party Advisory
VDB Entry
https://github.com/rapid7/metasploit-framework/pull/9336
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/43363/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/43429/
Exploit
Third Party Advisory
VDB Entry
https://zerodayinitiative.com/advisories/ZDI-17-973
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:linksys:wvbr0_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.41 (исключая)

cpe:2.3:h:linksys:wvbr0:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.92161

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-xp6v-frx8-276h