CVE-2008-1244
First published: Mon Mar 10 2008(Updated: )
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Belkin F5D7230-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- https://bugzilla.mozilla.org/show_bug.cgi?id=371598
- http://www.securityfocus.com/bid/28319
- http://secunia.com/advisories/29345
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41124
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/belkin
- canonical/belkin f5d7230-4