CVE-2018-17208
Last modified
CVE-2018-17208 is a vulnerability of currently unknown severity. Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. EPSS estimates a 2.53% chance of exploitation in the next 30 days.
Description
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linksys | Velop Firmware | 1.1.2.187020 |
References
- https://langkjaer.com/velop.htmlExploit, Technical Description, Third Party Advisory
- https://langkjaer.com/velop.htmlExploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-17208?
How severe is CVE-2018-17208?
How do I fix CVE-2018-17208?
Are you affected by CVE-2018-17208?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST