CVE-2018-17208 Information
Feb 14, 2021
cve
Description
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection providing an attacker with full root access via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://langkjaer.com/velop.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.8
Base Severity
HIGH