First published: Thu Dec 21 2017(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linksys Wvbr0 Firmware | <1.0.41 | |
Linksys WVBR0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-17411 is critical, with a severity value of 9.8.
CVE-2017-17411 allows attackers to execute arbitrary code by exploiting a flaw in the web management portal of Linksys WVBR0.
No, authentication is not required to exploit CVE-2017-17411.
The affected software of CVE-2017-17411 is Linksys WVBR0 Firmware up to version 1.0.41.
To fix CVE-2017-17411, it is recommended to update Linksys WVBR0 Firmware to a version beyond 1.0.41.