cbcvebase.
CVE-2008-7115
published 2009-08-28

CVE-2008-7115: The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain…

PriorityP258critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
4.11%
89.5th percentile
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.

Affected

1 ranges
VendorProductVersion rangeFixed in
belkinf5d7632-4

Detection & IOCsextracted from sources · hover to see the quote

pathcgi-bin/statusprocess.exe
pathcgi-bin/system_all.exe
  • Detect unauthenticated direct HTTP requests to the vulnerable CGI endpoints on Belkin F5D7632-4V6 routers; any GET/POST to cgi-bin/statusprocess.exe, cgi-bin/system_all.exe, or cgi-bin/restore.exe without a prior authenticated session should be treated as an exploitation attempt.
  • Also monitor for unauthenticated requests to cgi-bin/setup_dns.exe on the same device class, covered by the related CVE-2008-1244.
  • ·The vulnerability is confirmed on Belkin F5D7632-4V6 with firmware version 6.01.08 specifically; other firmware versions may or may not be affected.
  • ·The exploit HTML form demonstrates that successful exploitation can change DNS nameservers, clear logs, modify passwords, enable/disable remote management, toggle UPnP, enable automatic firmware updates, and restore factory defaults — all without authentication.
  • ·Remote management being enabled on the device would allow exploitation from any IP address, not just the local network.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.