CVE-2008-1244
published 2008-03-10

CVE-2008-1244: cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform…

Priority: P277 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.90% (91.0th percentile)
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.

Affected

1 range
Vendor: belkin
Product: f5d7632-4
Version range and fixed-in version: none listed

Detection & IOCs (extracted from sources)

path: cgi-bin/setup_dns.exe
path: cgi-bin/statusprocess.exe
path: cgi-bin/system_all.exe
path: cgi-bin/restore.exe
  • Detect unauthenticated direct HTTP requests to any of the known vulnerable CGI endpoints on Belkin F5D7632-4V6 routers: setup_dns.exe, statusprocess.exe, system_all.exe, or restore.exe under cgi-bin/. These requests bypass authentication entirely and should never originate from untrusted sources.
  • Monitor for HTTP POST requests to cgi-bin/setup_dns.exe targeting Belkin router management interfaces, which may indicate DNS hijacking attempts, especially when combined with DNS poisoning techniques.
  • Alert on unauthenticated requests to cgi-bin/restore.exe, which can reset the router to factory defaults (including clearing the admin password), enabling full device takeover.
  • Flag requests to the router management interface that attempt to enable remote management or modify the remote management port without a prior authenticated session, as the exploit allows changing remote management settings without credentials.
  • The vulnerability is confirmed on Belkin model F5D7632-4V6 with firmware version 6.01.08 specifically; applicability to other firmware versions is not confirmed.
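The checks above can be run over web access logs. The following is an added example, not code from this page or from any vendor: it assumes Common Log Format lines from a proxy or sensor in front of the router's management interface, and because an access log cannot show session state it uses a hypothetical admin allowlist (`ADMIN_NETS`) as the trust signal. All addresses and log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# CGI endpoints this page lists as reachable without authentication.
WATCHED = {"setup_dns.exe", "statusprocess.exe", "system_all.exe", "restore.exe"}
DNS_PARAMS = {"dns1_1", "dns1_2", "dns1_3", "dns1_4"}
# Assumption: the only host allowed to administer the router (constructed value).
ADMIN_NETS = [ipaddress.ip_network("192.168.2.10/32")]
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def classify(line):
    """Return an alert dict for a request to a watched endpoint, else None."""
    m = CLF.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    url = urlsplit(target)
    parts = url.path.lower().split("/")
    if len(parts) < 2 or parts[-2] != "cgi-bin" or parts[-1] not in WATCHED:
        return None
    try:
        trusted = any(ipaddress.ip_address(client) in n for n in ADMIN_NETS)
    except ValueError:  # hostname or junk in the client field
        trusted = False
    reasons = []
    if not trusted:
        reasons.append("source outside admin allowlist")
    # POST bodies are not in access logs, so any POST here counts as a change.
    if parts[-1] == "setup_dns.exe" and (
            method == "POST" or DNS_PARAMS & parse_qs(url.query).keys()):
        reasons.append("DNS settings change")
    if parts[-1] == "restore.exe":
        reasons.append("factory reset endpoint")
    return {"client": client, "endpoint": parts[-1], "status": int(status),
            "reasons": reasons} if reasons else None

def scan(lines):
    return [alert for alert in map(classify, lines) if alert]

# Constructed sample log lines (not captured traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2008:10:00:01 +0000] "POST /cgi-bin/setup_dns.exe HTTP/1.1" 200 512',
    '192.168.2.55 - - [10/Mar/2008:10:00:05 +0000] "GET /CGI-BIN/restore.exe HTTP/1.0" 200 90',
    '192.168.2.10 - - [10/Mar/2008:10:01:00 +0000] "GET /cgi-bin/statusprocess.exe HTTP/1.1" 200 2048',
    '192.168.2.10 - - [10/Mar/2008:10:02:00 +0000] "GET /cgi-bin/setup_dns.exe?dns1_1=0&dns1_2=0 HTTP/1.1" 200 512',
    '192.168.2.55 - - [10/Mar/2008:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 4096',
]
```

A read-only status request from the allowlisted host produces no alert, while a DNS settings change is reported even from that host so it can be matched against planned changes.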

CVSS provenance

nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck · 10.0 · CRITICAL