Linksys WVBR0-25 User-Agent Command Execution
Posted by deepcore on January 5, 2018 – 5:59 am
The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.
Post a reply
You must be logged in to post a comment.