CVE-2008-3411

Name of the Vulnerable Software and Affected Versions Axesstel AXW-D800 modem with D2 ETH 109 01 VEBR Jun-14-2006 software

Description The issue concerns a lack of authentication requirement for certain web-based configuration interfaces. Specifically, remote attackers can access and modify the modem's configuration through direct requests to the following API endpoints: "etc/config/System.html", "etc/config/Network.html", "etc/config/Security.html", "cgi-bin/sysconf.cgi", and "cgi-bin/route.cgi". This allows unauthorized changes to the modem's settings.

Recommendations For the Axesstel AXW-D800 modem with D2 ETH 109 01 VEBR Jun-14-2006 software, consider restricting access to the vulnerable API endpoints until a patch is available. As a temporary workaround, limit access to the modem's configuration interfaces to prevent unauthorized changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.