HTTP: Command Injection Detected on HTTP User Agent Header

This signature detects specific characters, typically used in command injection, within the User-Agent header of an HTTP connection. Because these characters are not normally used in HTTP, their presence can indicate an attempted command injection attack. However, a match can also be a false positive.

Extended Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.

Short Name
HTTP:USER-AGENT-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Agent CVE-2017-17411 Command Detected HTTP Header Injection User bid:102212 on
Release Date
02/05/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
CVSS Score
10.0
