Critical severity9.8NVD Advisory· Published Dec 21, 2017· Updated May 13, 2026

CVE-2017-17411

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

Affected products

Linksys/Linksys WVBR0v5
Range: WVBR0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/rapid7/metasploit-framework/pull/9336nvdExploitThird Party Advisory
www.exploit-db.com/exploits/43363/nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/43429/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/102212nvdThird Party AdvisoryVDB Entry
zerodayinitiative.com/advisories/ZDI-17-973nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.074
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000