CVE-2008-1244
Published: 2008-03-10
Priority: P2 · 77 · critical · CVSS 2.0 score 10.0
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.90% (91.0th percentile)
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and dns1_4 parameters. NOTE: it was later reported that F5D7632-4V6 with firmware 6.01.08 is also affected.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belkin | f5d7632-4 | — | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated direct HTTP requests to any of the known vulnerable CGI endpoints on Belkin F5D7632-4V6 routers: setup_dns.exe, statusprocess.exe, system_all.exe, or restore.exe under cgi-bin/. These requests bypass authentication entirely and should never originate from untrusted sources.
- Monitor for HTTP POST requests to cgi-bin/setup_dns.exe targeting Belkin router management interfaces, which may indicate DNS hijacking attempts, especially when combined with DNS poisoning techniques.
- Alert on unauthenticated requests to cgi-bin/restore.exe, which can reset the router to factory defaults (including clearing the admin password), enabling full device takeover.
- Flag requests to the router management interface that attempt to enable remote management or modify the remote management port without a prior authenticated session, as the exploit allows changing remote management settings without credentials.
- Caveat: the vulnerability is confirmed on Belkin model F5D7632-4V6 with firmware version 6.01.08 specifically; applicability to other firmware versions is not confirmed.
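The detection points above and the dns1_1..dns1_4 parameters from the description can be turned into a small triage routine. The following is an added example written for this page; it is not code from the page, from Belkin, or from any of the advisory sources. It assumes structured access records for the router's management interface (including a field saying whether the request carried a valid admin session), assumes the router answers on 192.168.2.1 with a LAN of 192.168.2.0/24, and assumes that dns1_1..dns1_4 are the four octets of the primary DNS server; the sample traffic is constructed, not captured from a real device.

```python
"""Added example (not from the page, Belkin, or any advisory source): applies the
detection points above to constructed HTTP access records for a Belkin router's
management interface and reports which requests look like exploitation."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# CGI endpoints the advisories name as reachable without authentication.
VULNERABLE_CGI = {
    "/cgi-bin/setup_dns.exe": "DNS server change (CVE-2008-1244)",
    "/cgi-bin/statusprocess.exe": "authentication bypass (CVE-2008-7115)",
    "/cgi-bin/system_all.exe": "authentication bypass (CVE-2008-7115)",
    "/cgi-bin/restore.exe": "factory reset, clears admin password (CVE-2008-7115)",
}

# Assumptions for the constructed data, not facts from the advisories:
# the router answers on 192.168.2.1 and the trusted LAN is 192.168.2.0/24.
ROUTER_HOST = "192.168.2.1"
LAN = ipaddress.ip_network("192.168.2.0/24")


@dataclass
class Request:
    src: str             # client IP
    method: str
    target: str          # path, with query string if any
    body: str            # form-encoded POST body ("" for GET)
    referer: str         # Referer header ("" if absent)
    authenticated: bool  # request carried a valid admin session (assumed field)


@dataclass
class Alert:
    src: str
    endpoint: str
    impact: str
    signals: List[str] = field(default_factory=list)
    dns_server: Optional[str] = None


def dns_server_from_params(params: dict) -> Optional[str]:
    """Assumption: dns1_1..dns1_4 carry the four octets of the primary DNS server."""
    octets = []
    for i in range(1, 5):
        vals = params.get(f"dns1_{i}")
        if not vals or not vals[0].isdigit() or int(vals[0]) > 255:
            return None
        octets.append(vals[0])
    return ".".join(octets)


def triage(req: Request) -> Optional[Alert]:
    """Return an Alert when a request to a vulnerable CGI shows signs of abuse."""
    parts = urlsplit(req.target)
    if parts.path not in VULNERABLE_CGI:
        return None
    signals = []
    if not req.authenticated:
        signals.append("no authenticated session")
    if ipaddress.ip_address(req.src) not in LAN:
        signals.append("source outside LAN (remote management exposure)")
    ref_host = urlsplit(req.referer).hostname if req.referer else None
    if ref_host and ref_host != ROUTER_HOST:
        signals.append(f"cross-site Referer {ref_host} (browser-driven CSRF)")
    if not signals:
        return None  # an authenticated admin on the LAN using the normal UI
    params = parse_qs(parts.query)
    params.update(parse_qs(req.body))
    dns = dns_server_from_params(params) if parts.path.endswith("setup_dns.exe") else None
    if dns:
        signals.append(f"sets primary DNS to {dns}")
    return Alert(req.src, parts.path, VULNERABLE_CGI[parts.path], signals, dns)


def run_triage(requests: List[Request]) -> List[Alert]:
    return [a for a in (triage(r) for r in requests) if a]


# Constructed sample traffic (not captured from a real device).
SAMPLE_REQUESTS = [
    Request("192.168.2.10", "POST", "/cgi-bin/setup_dns.exe",
            "dns1_1=8&dns1_2=8&dns1_3=8&dns1_4=8", f"http://{ROUTER_HOST}/dns.html", True),
    Request("192.168.2.10", "POST", "/cgi-bin/setup_dns.exe",
            "dns1_1=203&dns1_2=0&dns1_3=113&dns1_4=5", "http://evil.example/landing.html", False),
    Request("198.51.100.7", "GET", "/cgi-bin/restore.exe", "", "", False),
    Request("192.168.2.10", "GET", "/index.html", "", "", True),
]

if __name__ == "__main__":
    for alert in run_triage(SAMPLE_REQUESTS):
        print(f"{alert.src} -> {alert.endpoint}: {alert.impact}; " + "; ".join(alert.signals))
```

The second sample is the CSRF shape the exploitation reference below describes: a LAN browser, no session, a Referer from a third-party page, and a body that rewrites the primary DNS server. The third is the remote-management shape: a WAN source hitting restore.exe with no credentials. An authenticated admin on the LAN using the normal UI produces no alert, which keeps the rule from firing on routine DNS changes.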
CVSS provenance
- NVD (CVSS v2.0): 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
- VulnCheck: 10.0 CRITICAL
GHSA
GHSA-3qmw-v59r-752q (CVE-2008-7115) [CRITICAL] · ghsa_unreviewed · 2022-05-17 · CVSS 10.0
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
GHSA
GHSA-8jqr-9v8f-r585 (CVE-2008-1244) [HIGH] · CWE-287 · ghsa_unreviewed · 2022-05-01
Description identical to the NVD text above.
VulnCheck
CVE-2008-1244 [CRITICAL] belkin f5d7230-4 Improper Authentication · vulncheck · 2008 · CVSS 10.0
Description identical to the NVD text above.
Affected: belkin f5d7230-4
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html
VMware
VMSA-2009-0006: VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability · vendor_vmware · 2009-04-10 · CVE-2008-4916 [MEDIUM] · CVSS 4.6
Note: this advisory concerns CVE-2009-1244 and CVE-2008-4916 in VMware products and is unrelated to the Belkin router issue tracked on this page.
a. Host code execution vulnerability from a guest operating system. A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host. This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on 2009-04-03. That vulnerability can cause a potential denial of service and is identified by CVE-2008-4916. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product ============= Pr
No detection rules found.
No writeups or analysis indexed.
References
- http://secunia.com/advisories/29345
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- http://www.securityfocus.com/bid/28319
- https://bugzilla.mozilla.org/show_bug.cgi?id=371598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41124