CVE Number – CVE-2017-17411
A vulnerability in the web management portal of Linksys WVBRO-25 wireless video bridge devices could allow an unauthenticated, remote attacker to conduct a command injection attack on a targeted device.
The vulnerability is due to improper validation of user-supplied input in the User-Agent header by the affected software before the execution of a system call. An attacker could exploit this vulnerability by making a GET request that submits malicious input to the targeted device. An exploit could allow the attacker to execute arbitrary code with root privileges.
Functional code that demonstrates an exploit of this vulnerability is publicly available as part of the Metasploit Framework.
Linksys has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker must send a request to the targeted system, which may require access to trusted, internal networks. This access limitation reduces the likelihood of a successful exploit.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit this vulnerability.
Administrators can apply Snort SID 45453 to help prevent attacks that attempt to exploit this vulnerability.
Administrators are advised to monitor affected systems.
Vendor announcements are not available.
Linksys has released firmware version 1.0.41 to resolve this vulnerability, which has been rolled out to customers.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.