Saturday, 20 January 2018

CVE-2017-17411: Linksys WVBR0-25 Command Injection

Security researcher Ricky Lawshae of Trend Micro recently discovered a critical vulnerability in the Linksys WVBR0-25 wireless bridge. It allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0.

Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges.

 

Getting a Root Shell on a Linksys WVBR0-25

Exploit:
exploit/linux/http/linksys_wvbr0_user_agent_exec_noauth Metasploit module

This module is for exploiting vulnerable Linksys WVBR0-25 wireless video bridges using CVE-2017-17411. The vuln in question involves a command injection due to improper sanitization of the User-Agent header. The module makes an initial GET request to the root of the web server and checks the result for a vulnerable firmware version. If vulnerable, it makes a subsequent GET request with the User-Agent set to “; #. This can be verified against WVBR0-25 devices running firmware < 1.0.41.
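For defenders, the two facts above (the injection arrives in the User-Agent header, and firmware below 1.0.41 is affected) are enough to triage HTTP requests seen in front of these devices. The following is an added example, not code from the Metasploit module or from the original post; the JSON log fields (src, dst, user_agent), the inventory mapping, the addresses and PLACEHOLDER_CMD are all constructed assumptions.

```python
import json
import re

FIXED = (1, 0, 41)  # the page gives firmware < 1.0.41 as affected

# Shape described for the module's second request: a double quote, a
# semicolon, then a trailing '#' that comments out the rest of the command.
INJECT_SHAPE = re.compile(r'";.*#\s*$', re.S)
# Other shell metacharacters; ';' alone is legitimate, e.g. "(X11; Linux x86_64)".
SHELL_META = re.compile(r'[`|&<>\n\r]|\$[({]')

def parse_version(text):
    """'1.0.39' -> (1, 0, 39); raises ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected firmware string: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(firmware):
    # Compare numerically: as strings, "1.0.9" would sort after "1.0.41".
    return parse_version(firmware) < FIXED

def classify_user_agent(ua):
    if INJECT_SHAPE.search(ua):
        return "injection-shape"
    if SHELL_META.search(ua):
        return "shell-metachar"
    return None

def triage(log_lines, inventory):
    """Return (src, dst, finding, priority) for each suspicious request."""
    alerts = []
    for line in log_lines:
        ev = json.loads(line)
        finding = classify_user_agent(ev.get("user_agent", ""))
        if finding:
            fw = inventory.get(ev["dst"])  # unknown firmware is treated as affected
            priority = "high" if fw is None or is_affected(fw) else "low"
            alerts.append((ev["src"], ev["dst"], finding, priority))
    return alerts

# Constructed sample data (documentation address ranges, placeholder command).
INVENTORY = {"192.0.2.20": "1.0.39", "192.0.2.21": "1.0.41"}
SAMPLE_LOG = [
    '{"src":"198.51.100.7","dst":"192.0.2.20","user_agent":"Mozilla/5.0 (X11; Linux x86_64)"}',
    '{"src":"198.51.100.9","dst":"192.0.2.20","user_agent":"\\"; PLACEHOLDER_CMD #"}',
    '{"src":"198.51.100.9","dst":"192.0.2.21","user_agent":"\\"; PLACEHOLDER_CMD #"}',
    '{"src":"198.51.100.3","dst":"192.0.2.20","user_agent":"curl/7.58.0 `PLACEHOLDER_CMD`"}',
]
```

Calling triage(SAMPLE_LOG, INVENTORY) flags three of the four constructed requests and marks the one aimed at the 1.0.41 device as low priority.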
