Linksys WVBR0-25 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploitation allows an attacker to execute arbitrary commands with user privileges in the context of the affected device.
Linksys WVBR0-25 is vulnerable; other versions may also be affected.
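The Zero Day Initiative reference for this issue names the User-Agent header as the injection point. The following detection sketch is an added example, not code from the researcher or the vendor: it scans access-log lines for shell metacharacters in the User-Agent field. It assumes requests to the device are logged in Combined Log Format by a proxy or web server; the function name, patterns and sample lines are constructed for illustration.

```python
import re

# Combined Log Format; quoted fields may contain backslash-escaped characters.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:[^"\\]|\\.)*" \d{3} \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# Shell syntax that does not occur in genuine browser User-Agent strings.
# A lone ';' or '(' is NOT listed: "(X11; Linux x86_64)" is legitimate.
SUSPICIOUS = [
    ("backtick substitution", re.compile(r'`')),
    ("$() or ${} expansion", re.compile(r'\$[({]')),
    ("pipe or && chaining", re.compile(r'\||&&')),
    ("quote followed by ;", re.compile(r'''(?:\\"|\\x22|')\s*;''')),
    ("escaped newline", re.compile(r'\\n|\\x0a', re.I)),
]

def flag_user_agents(lines):
    """Return (client_ip, user_agent, reasons) for each suspicious log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        ua = m.group("ua")
        reasons = [name for name, rx in SUSPICIOUS if rx.search(ua)]
        if reasons:
            findings.append((m.group("ip"), ua, reasons))
    return findings

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)"',
    '198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 $(id)"',
    '198.51.100.7 - - [01/Jan/2018:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"x\\"; id #"',
    '203.0.113.4 - - [01/Jan/2018:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"curl/7.58.0"',
]

if __name__ == "__main__":
    for ip, ua, reasons in flag_user_agents(SAMPLE_LOG):
        print(f"{ip}  {ua!r}  -> {', '.join(reasons)}")
```

The patterns are a triage heuristic: a match is a reason to review the request and the device, and the absence of a match does not show that the device was not targeted.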
Exploit
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
References:
- Linksys home page (linksys)
- CVE-2017-17411 - Linksys WVBR0 25 Command Injection (github)
- Linksys WVBR0 User-Agent Command Injection Remote Code Execution Vulnerability (zerodayinitiative)
- nixawk/labs (github)