CVE-2017-17411

9.8CRITICAL

Key Information

Vendor: Linksys
Status: Linksys Wvbr0
Vendor: CVE Published:; 21 December 2017

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

Affected Version(s)

Linksys WVBR0 = WVBR0

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 21, 2017
Vulnerability Reserved.
Dec 5, 2017

Collectors

NVD DatabaseMitre Database