CVE-2017-17411 — CRITICAL (9.8)

Q: How severe is CVE-2017-17411?

CVE-2017-17411 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-17411?

Check the references section above for vendor advisories and patch information. Affected products include: Linksys Wvbr0 Firmware, Linksys Wvbr0.

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linksys	Wvbr0 Firmware	< 1.0.41
Linksys	Wvbr0	-

Related Weaknesses (CWE)

CWE-78

References

http://www.securityfocus.com/bid/102212Third Party AdvisoryVDB Entry
https://github.com/rapid7/metasploit-framework/pull/9336ExploitThird Party Advisory
https://www.exploit-db.com/exploits/43363/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/43429/ExploitThird Party AdvisoryVDB Entry
https://zerodayinitiative.com/advisories/ZDI-17-973Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/102212Third Party AdvisoryVDB Entry
https://github.com/rapid7/metasploit-framework/pull/9336ExploitThird Party Advisory
https://www.exploit-db.com/exploits/43363/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/43429/ExploitThird Party AdvisoryVDB Entry
https://zerodayinitiative.com/advisories/ZDI-17-973Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-17411?

CVE-2017-17411 is a vulnerability with a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exist...

How severe is CVE-2017-17411?

CVE-2017-17411 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-17411?

Check the references section above for vendor advisories and patch information. Affected products include: Linksys Wvbr0 Firmware, Linksys Wvbr0.