Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1807

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-1807
Last Modified 09 Jun 2009 01:34:42
Published 28 May 2009 04:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1807

Summary

Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.

Vulnerable Systems

Application

  • Baofeng Storm 2.7.9 10

  • Baofeng Storm 2.7.9 8

  • Baofeng Storm 2.8

  • Baofeng Storm 2.9

  • Baofeng Storm 3.09.04.17


References

VUPEN - ADV-2009-1392

MISC - http://www.cisrt.org/enblog/read.php?245


Last Updated: 27 May 2016 10:50:40