Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3411

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-3411
Last Modified 29 Jan 2009 01:53:23
Published 31 Jul 2008 01:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3411

Summary

The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.

Vulnerable Systems


References

XF - axesstel-axwd800-multiple-auth-bypass(44044)

BID - 30404

BUGTRAQ - 20080728 Security Bypass Vulnerabilities AXESSTEL

SREASON - 4089

SECUNIA - 31285


Last Updated: 27 May 2016 10:48:12