A security vulnerability was discovered in the Linksys WVBR0-25 wireless video bridge, which was designed to let the main Genie DVR communicate over the air with customers’ Genie client boxes (up to 8) that are plugged into their televisions around the home.
The vulnerability, tracked as CVE-2017-17411, was discovered by Ricky Lawshae, a security researcher from Trend Micro, who said that no authentication is required to exploit the flaw and execute arbitrary code.
According to the researcher:
“The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges.”
When he browsed to the web server on the wireless bridge, the researcher expected a login page, but instead he noticed “a wall of text streaming before [his] eyes.” He then saw the output of various diagnostic scripts containing everything about the DirecTV Wireless Video Bridge, including the WPS PIN, connected clients, running processes, and other things. He said that the device was accepting his commands remotely with root permissions.
The researcher also said: “In the absence of an actual patch from the vendor, users should protect themselves by limiting the devices that can interact with the WVBR0-25 to those that actually need to reach it.”