PT-2008-2836 · Belkin · Belkin F5D7230-4+1
Publicado
2008-03-10
·
Atualizado
2018-10-11
·
CVE-2008-1244
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Belkin F5D7230-4 router with firmware 9.01.10
Belkin F5D7632-4V6 with firmware 6.01.08
Description
The issue allows remote attackers to perform administrative actions without authentication. This can be demonstrated by changing a DNS server via the
dns1 1, dns1 2, dns1 3, and dns1 4 parameters in the cgi-bin/setup dns.exe endpoint.Recommendations
For Belkin F5D7230-4 router with firmware 9.01.10, consider restricting access to the cgi-bin/setup dns.exe endpoint until a patch is available.
For Belkin F5D7632-4V6 with firmware 6.01.08, consider restricting access to the cgi-bin/setup dns.exe endpoint until a patch is available.
As a temporary workaround, avoid using the
dns1 1, dns1 2, dns1 3, and dns1 4 parameters in the affected endpoint until the issue is resolved.Exploit
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Belkin F5D7230-4
Belkin F5D7632-4V6