ID

VAR-201712-0291


CVE

CVE-2017-17411


TITLE

OS command injection vulnerability in Linksys WVBR0

Trust: 0.8

sources: JVNDB: JVNDB-2017-011749

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892. An OS command injection vulnerability exists in Linksys WVBR0. Zero Day Initiative numbered this vulnerability ZDI-CAN-4892. Information may be obtained or falsified, and a denial-of-service (DoS) condition may result. Linksys WVBR0 is a wireless network repeater device. The vulnerability stems from the failure to properly validate user data before the system call is executed. Linksys WVBR0-25 is vulnerable; other versions may also be affected.

Trust: 3.15

sources: NVD: CVE-2017-17411 // JVNDB: JVNDB-2017-011749 // ZDI: ZDI-17-973 // CNVD: CNVD-2018-00537 // BID: 102212 // VULMON: CVE-2017-17411

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-00537

AFFECTED PRODUCTS

vendor: linksys, model: wvbr0, scope: -, version: -

Trust: 1.3

vendor: linksys, model: wvbr0, scope: lt, version: 1.0.41

Trust: 1.0

vendor: cisco linksys, model: wvbr0, scope: -, version: -

Trust: 0.8

vendor: linksys, model: wvbr0, scope: eq, version: 25

Trust: 0.3

sources: ZDI: ZDI-17-973 // CNVD: CNVD-2018-00537 // BID: 102212 // JVNDB: JVNDB-2017-011749 // NVD: CVE-2017-17411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17411
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-17411
value: CRITICAL

Trust: 0.8

ZDI: CVE-2017-17411
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-00537
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-593
value: CRITICAL

Trust: 0.6

VULMON: CVE-2017-17411
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17411
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.6

CNVD: CNVD-2018-00537
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-17411
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-17-973 // CNVD: CNVD-2018-00537 // VULMON: CVE-2017-17411 // JVNDB: JVNDB-2017-011749 // CNNVD: CNNVD-201712-593 // NVD: CVE-2017-17411

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2017-011749 // NVD: CVE-2017-17411

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-593

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201712-593

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011749

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2017-17411

PATCH

title: Top Page, url: https://www.linksys.com/us/

Trust: 0.8

title: MS17-010, url: https://github.com/oneplus-x/MS17-010

Trust: 0.1

sources: VULMON: CVE-2017-17411 // JVNDB: JVNDB-2017-011749

EXTERNAL IDS

db: NVD, id: CVE-2017-17411

Trust: 4.1

db: ZDI, id: ZDI-17-973

Trust: 2.1

db: BID, id: 102212

Trust: 2.0

db: EXPLOIT-DB, id: 43363

Trust: 1.1

db: EXPLOIT-DB, id: 43429

Trust: 1.1

db: ZDI, id: ZDI-17-944

Trust: 0.8

db: JVNDB, id: JVNDB-2017-011749

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-4892

Trust: 0.7

db: CNVD, id: CNVD-2018-00537

Trust: 0.6

db: CNNVD, id: CNNVD-201712-593

Trust: 0.6

db: VULMON, id: CVE-2017-17411

Trust: 0.1

sources: ZDI: ZDI-17-973 // CNVD: CNVD-2018-00537 // VULMON: CVE-2017-17411 // BID: 102212 // JVNDB: JVNDB-2017-011749 // CNNVD: CNNVD-201712-593 // NVD: CVE-2017-17411

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-17411

Trust: 1.4

url:https://www.exploit-db.com/exploits/43363/

Trust: 1.2

url:http://www.securityfocus.com/bid/102212

Trust: 1.2

url:https://zerodayinitiative.com/advisories/zdi-17-973

Trust: 1.1

url:https://github.com/rapid7/metasploit-framework/pull/9336

Trust: 1.1

url:https://www.exploit-db.com/exploits/43429/

Trust: 1.1

url:https://github.com/nixawk/labs/blob/master/cve-2017-17411/exploit-cve-2017-17411.py

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17411

Trust: 0.8

url:http://zerodayinitiative.com/advisories/zdi-17-944/

Trust: 0.8

url:https://www.linksys.com

Trust: 0.3

url:https://github.com/rapid7/metasploit-framework/issues/9304

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-17-973/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=57546

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/exploit/linux/http/linksys_wvbr0_user_agent_exec_noauth

Trust: 0.1

sources: CNVD: CNVD-2018-00537 // VULMON: CVE-2017-17411 // BID: 102212 // JVNDB: JVNDB-2017-011749 // NVD: CVE-2017-17411

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 1.6

sources: ZDI: ZDI-17-973 // BID: 102212 // CNNVD: CNNVD-201712-593

SOURCES

db: ZDI, id: ZDI-17-973
db: CNVD, id: CNVD-2018-00537
db: VULMON, id: CVE-2017-17411
db: BID, id: 102212
db: JVNDB, id: JVNDB-2017-011749
db: CNNVD, id: CNNVD-201712-593
db: NVD, id: CVE-2017-17411

LAST UPDATE DATE

2025-04-20T23:12:43.745000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-17-973, date: 2017-12-18T00:00:00
db: CNVD, id: CNVD-2018-00537, date: 2018-01-09T00:00:00
db: VULMON, id: CVE-2017-17411, date: 2018-08-28T00:00:00
db: BID, id: 102212, date: 2017-12-19T21:01:00
db: JVNDB, id: JVNDB-2017-011749, date: 2018-01-25T00:00:00
db: CNNVD, id: CNNVD-201712-593, date: 2017-12-25T00:00:00
db: NVD, id: CVE-2017-17411, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: ZDI, id: ZDI-17-973, date: 2017-12-18T00:00:00
db: CNVD, id: CNVD-2018-00537, date: 2018-01-09T00:00:00
db: VULMON, id: CVE-2017-17411, date: 2017-12-21T00:00:00
db: BID, id: 102212, date: 2017-12-18T00:00:00
db: JVNDB, id: JVNDB-2017-011749, date: 2018-01-25T00:00:00
db: CNNVD, id: CNNVD-201712-593, date: 2017-12-15T00:00:00
db: NVD, id: CVE-2017-17411, date: 2017-12-21T14:29:00.520