nixawk/labs

[Exploit] CVE-2017-17411 - Linksys WVBR0 25 Command Injection

nixawk opened this issue · 0 comments

Command Injection

echo "xxx.xxx.xxx.xxxUSER-AGENT" | md5sum
  • xxx.xxx.xxx.xxx is your IP.
  • USER-AGENT can be a command injection @string.

Send an HTTP request with a command injection payload in the User-Agent.

References

  1. https://www.thezdi.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair
  2. https://thehackernews.com/2017/12/directv-wvb-hack.html
  3. https://github.com/nixawk/labs/blob/master/CVE-2017-17411/exploit-CVE-2017-17411.py
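
A defender's view of the command shown above, as an added example that is not part of the original issue or the linked exploit script: the token is hashed in-process so no request data reaches a shell, and logged User-Agent values are checked for characters that stay active inside a double-quoted shell string. The function names, the log record shape and the sample records are assumptions made for illustration.

```python
import hashlib
import re

# Inside a double-quoted shell string these characters are still special:
# '"' closes the string, '$' and '`' start expansions or command substitution,
# '\' escapes, and a newline ends the command line.
SHELL_ACTIVE_IN_DQUOTES = re.compile(r'["`$\\\n]')


def session_token(client_ip: str, user_agent: str) -> str:
    """Hardened form of `echo "<ip><user-agent>" | md5sum` (hypothetical helper).

    The hash is computed in-process, so request data is only ever bytes fed
    to MD5. The trailing newline mirrors what `echo` would have appended.
    """
    data = f"{client_ip}{user_agent}\n".encode("utf-8")
    return hashlib.md5(data).hexdigest()


def is_suspicious_user_agent(user_agent: str) -> bool:
    """True if the value could alter a double-quoted shell command."""
    return bool(SHELL_ACTIVE_IN_DQUOTES.search(user_agent))


def flag_requests(records):
    """Return the (ip, user_agent) records worth reviewing.

    `records` is an iterable of (client_ip, user_agent) pairs, an assumed
    shape for already-parsed web server access logs.
    """
    return [(ip, ua) for ip, ua in records if is_suspicious_user_agent(ua)]


# Constructed sample records (documentation address range), not real traffic.
SAMPLE_RECORDS = [
    ("192.0.2.10", "Mozilla/5.0 (X11; Linux x86_64)"),
    ("192.0.2.11", 'curl/7.58.0"; true #'),
    ("192.0.2.12", "probe $(true)"),
    ("192.0.2.13", "probe `true`"),
]

if __name__ == "__main__":
    for ip, ua in flag_requests(SAMPLE_RECORDS):
        print(f"review: {ip} sent User-Agent {ua!r}")
    print(session_token("192.0.2.10", "Mozilla/5.0 (X11; Linux x86_64)"))
```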