CVE-2008-7115
Published 2009-08-28
Priority: P2 58 · critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.11% (89.5th percentile)
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belkin | f5d7632-4 | — | — |
Detection & IOCs
- Detect unauthenticated direct HTTP requests to the vulnerable CGI endpoints on Belkin F5D7632-4V6 routers; any GET/POST to cgi-bin/statusprocess.exe, cgi-bin/system_all.exe, or cgi-bin/restore.exe without a prior authenticated session should be treated as an exploitation attempt.
- Also monitor for unauthenticated requests to cgi-bin/setup_dns.exe on the same device class, covered by the related CVE-2008-1244.
- The vulnerability is confirmed on Belkin F5D7632-4V6 with firmware version 6.01.08 specifically; other firmware versions may or may not be affected.
- The exploit HTML form demonstrates that successful exploitation can change DNS nameservers, clear logs, modify passwords, enable/disable remote management, toggle UPnP, enable automatic firmware updates, and restore factory defaults — all without authentication.
- Remote management being enabled on the device would allow exploitation from any IP address, not just the local network.
- http://secunia.com/advisories/31665
- http://www.securitytracker.com/id?1020747
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44874
- https://www.exploit-db.com/exploits/6305