Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Linksys WVBR0 by Linksys

    CVE-2017-17411 (GCVE-0-2017-17411)

    Vulnerability from nvd – Published: 2017-12-21 14:00 – Updated: 2024-08-05 20:51
    VLAI
    Summary
    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Linksys Linksys WVBR0 Affected: WVBR0
    Create a notification for this product.
    Date Public
    2017-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:31.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102212",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102212"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/rapid7/metasploit-framework/pull/9336"
              },
              {
                "name": "43363",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/43363/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://zerodayinitiative.com/advisories/ZDI-17-973"
              },
              {
                "name": "43429",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/43429/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Linksys WVBR0",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "WVBR0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78-Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-28T20:57:01.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "102212",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102212"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rapid7/metasploit-framework/pull/9336"
            },
            {
              "name": "43363",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/43363/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://zerodayinitiative.com/advisories/ZDI-17-973"
            },
            {
              "name": "43429",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/43429/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "zdi-disclosures@trendmicro.com",
              "ID": "CVE-2017-17411",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Linksys WVBR0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WVBR0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Linksys"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78-Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102212",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102212"
                },
                {
                  "name": "https://github.com/rapid7/metasploit-framework/pull/9336",
                  "refsource": "MISC",
                  "url": "https://github.com/rapid7/metasploit-framework/pull/9336"
                },
                {
                  "name": "43363",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/43363/"
                },
                {
                  "name": "https://zerodayinitiative.com/advisories/ZDI-17-973",
                  "refsource": "MISC",
                  "url": "https://zerodayinitiative.com/advisories/ZDI-17-973"
                },
                {
                  "name": "43429",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/43429/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2017-17411",
        "datePublished": "2017-12-21T14:00:00.000Z",
        "dateReserved": "2017-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:51:31.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17411 (GCVE-0-2017-17411)

    Vulnerability from cvelistv5 – Published: 2017-12-21 14:00 – Updated: 2024-08-05 20:51
    VLAI
    Summary
    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    Linksys Linksys WVBR0 Affected: WVBR0
    Create a notification for this product.
    Date Public
    2017-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:31.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102212",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102212"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/rapid7/metasploit-framework/pull/9336"
              },
              {
                "name": "43363",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/43363/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://zerodayinitiative.com/advisories/ZDI-17-973"
              },
              {
                "name": "43429",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/43429/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Linksys WVBR0",
              "vendor": "Linksys",
              "versions": [
                {
                  "status": "affected",
                  "version": "WVBR0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78-Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-28T20:57:01.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "102212",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102212"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rapid7/metasploit-framework/pull/9336"
            },
            {
              "name": "43363",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/43363/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://zerodayinitiative.com/advisories/ZDI-17-973"
            },
            {
              "name": "43429",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/43429/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "zdi-disclosures@trendmicro.com",
              "ID": "CVE-2017-17411",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Linksys WVBR0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WVBR0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Linksys"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78-Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102212",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102212"
                },
                {
                  "name": "https://github.com/rapid7/metasploit-framework/pull/9336",
                  "refsource": "MISC",
                  "url": "https://github.com/rapid7/metasploit-framework/pull/9336"
                },
                {
                  "name": "43363",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/43363/"
                },
                {
                  "name": "https://zerodayinitiative.com/advisories/ZDI-17-973",
                  "refsource": "MISC",
                  "url": "https://zerodayinitiative.com/advisories/ZDI-17-973"
                },
                {
                  "name": "43429",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/43429/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2017-17411",
        "datePublished": "2017-12-21T14:00:00.000Z",
        "dateReserved": "2017-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:51:31.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }