CVE-2018-17208
Summary
| CVE | CVE-2018-17208 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-19 17:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Linksys | Velop | - | All | All | All |
| Hardware | Linksys | Velop | - | All | All | All |
| Operating System | Linksys | Velop Firmware | 1.1.2.187020 | All | All | All |
| Operating System | Linksys | Velop Firmware | 1.1.2.187020 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 404 Not Found | MISC | langkjaer.com | Exploit, Technical Description, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.