PT-2008-2836 · Belkin · Belkin F5D7230-4+1
Published: 2008-03-10 · Updated: 2018-10-11 · CVE-2008-1244
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Belkin F5D7230-4 router with firmware 9.01.10
Belkin F5D7632-4V6 with firmware 6.01.08
Description
The issue allows remote attackers to perform administrative actions without authentication. This can be demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters in the cgi-bin/setup_dns.exe endpoint.
Recommendations
For Belkin F5D7230-4 router with firmware 9.01.10, consider restricting access to the cgi-bin/setup_dns.exe endpoint until a patch is available.
For Belkin F5D7632-4V6 with firmware 6.01.08, consider restricting access to the cgi-bin/setup_dns.exe endpoint until a patch is available.
As a temporary workaround, avoid using the dns1_1, dns1_2, dns1_3, and dns1_4 parameters in the affected endpoint until the issue is resolved.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Belkin F5D7230-4
Belkin F5D7632-4V6