CVE-2008-1244 - OpenCVE

cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Belkin	F5d7230-4

Configuration 1 [-]

cpe:2.3:h:belkin:f5d7230-4:*:*:9.01.10:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/29345
http://www.gnucitizen.org/projects/router-hacking-challenge/	Exploit
http://www.securityfocus.com/archive/1/489009/100/0/threaded
http://www.securityfocus.com/bid/28319
https://bugzilla.mozilla.org/show_bug.cgi?id=371598	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41124

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-10T17:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-03-10T00:00:00

Link: CVE-2008-1244

JSON object: View

NVD Information

Status : Modified

Published: 2008-03-10T17:44:00.000

Modified: 2018-10-11T20:31:15.463

Link: CVE-2008-1244

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-29T00:00:00", "descriptions": [{"lang": "en", "value": "cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20080301 The Router Hacking Challenge is Over!", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598"}, {"name": "belkin-f5d72304-setupdns-security-bypass(41124)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41124"}, {"name": "28319", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28319"}, {"name": "29345", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29345"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20080301 The Router Hacking Challenge is Over!", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "refsource": "MISC", "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598"}, {"name": "belkin-f5d72304-setupdns-security-bypass(41124)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41124"}, {"name": "28319", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28319"}, {"name": "29345", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29345"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1244", "datePublished": "2008-03-10T17:00:00", "dateReserved": "2008-03-10T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:belkin:f5d7230-4:*:*:9.01.10:*:*:*:*:*", "matchCriteriaId": "9B43725B-81D9-4F1E-9B1A-F85D8FBE1AAC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected."}, {"lang": "es", "value": "En el archivo cgi-bin/setup_dns.exe en el enrutador Belkin F5D7230-4 con versi\u00f3n de firmware 9.01.10, no requiere autenticaci\u00f3n, lo que permite a los atacantes remotos realizar acciones administrativas, como es demostrado mediante el cambio de un servidor DNS por medio de los par\u00e1metros dns1_1, dns1_2, dns1_3 y dns1_4. NOTA: m\u00e1s tarde se report\u00f3 que tambi\u00e9n est\u00e1 afectado el modelo F5D7632-4V6 con versi\u00f3n de firmware 6.01.08."}], "id": "CVE-2008-1244", "lastModified": "2018-10-11T20:31:15.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-10T17:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29345"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28319"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41124"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}