CVE-2008-1244 - OpenCVE

cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Belkin	F5d7230-4

Configuration 1 [-]

cpe:2.3:h:belkin:f5d7230-4:*:*:9.01.10:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/29345
http://www.gnucitizen.org/projects/router-hacking-challenge/
http://www.securityfocus.com/archive/1/489009/100/0/threaded
http://www.securityfocus.com/bid/28319
https://bugzilla.mozilla.org/show_bug.cgi?id=371598
https://exchange.xforce.ibmcloud.com/vulnerabilities/41124

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-10T17:00:00

Updated: 2024-08-07T08:17:34.101Z

Reserved: 2008-03-10T00:00:00

Link: CVE-2008-1244

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-10T17:44:00.000

Modified: 2018-10-11T20:31:15.463

Link: CVE-2008-1244

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-29T00:00:00", "descriptions": [{"lang": "en", "value": "cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20080301 The Router Hacking Challenge is Over!", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598"}, {"name": "belkin-f5d72304-setupdns-security-bypass(41124)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41124"}, {"name": "28319", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28319"}, {"name": "29345", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29345"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20080301 The Router Hacking Challenge is Over!", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "refsource": "MISC", "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598"}, {"name": "belkin-f5d72304-setupdns-security-bypass(41124)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41124"}, {"name": "28319", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28319"}, {"name": "29345", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29345"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:17:34.101Z"}, "title": "CVE Program Container", "references": [{"name": "20080301 The Router Hacking Challenge is Over!", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598"}, {"name": "belkin-f5d72304-setupdns-security-bypass(41124)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41124"}, {"name": "28319", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28319"}, {"name": "29345", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29345"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1244", "datePublished": "2008-03-10T17:00:00", "dateReserved": "2008-03-10T00:00:00", "dateUpdated": "2024-08-07T08:17:34.101Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:belkin:f5d7230-4:*:*:9.01.10:*:*:*:*:*", "matchCriteriaId": "9B43725B-81D9-4F1E-9B1A-F85D8FBE1AAC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected."}, {"lang": "es", "value": "En el archivo cgi-bin/setup_dns.exe en el enrutador Belkin F5D7230-4 con versi\u00f3n de firmware 9.01.10, no requiere autenticaci\u00f3n, lo que permite a los atacantes remotos realizar acciones administrativas, como es demostrado mediante el cambio de un servidor DNS por medio de los par\u00e1metros dns1_1, dns1_2, dns1_3 y dns1_4. NOTA: m\u00e1s tarde se report\u00f3 que tambi\u00e9n est\u00e1 afectado el modelo F5D7632-4V6 con versi\u00f3n de firmware 6.01.08."}], "id": "CVE-2008-1244", "lastModified": "2018-10-11T20:31:15.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-10T17:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29345"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28319"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=371598"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41124"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}