Linksys WVBR0-25 User-Agent Command Execution

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.
Source: Linksys WVBR0-25 User-Agent Command Execution