cbcvebase.
CVE-2009-1807
published 2009-05-28

CVE-2009-1807: Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the…

PriorityP268critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
7.53%
93.7th percentile
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.

Affected

5 ranges
VendorProductVersion rangeFixed in
baofengstorm<= 3.09.04.17
baofengstorm
baofengstorm
baofengstorm
baofengstorm

Detection & IOCsextracted from sources · hover to see the quote

filenameconfig.dll
commandSetAttributeValue(param1,param2,param3)
bytes
\u68fc\u0a6a\u1e38\u6368\ud189\u684f\u7432\u0c91\uf48b\u7e8d\u33f4\ub7db\u2b04\u66e3\u33bb\u5332\u7568\u6573\u5472\ud233\u8b64\u305a\u4b8b\u8b0c\u1c49\u098b\u698b\uad08\u6a3d\u380a\u751e\u9505\u57ff\u95f8\u8b60\u3c45\u4c8b\u7805\ucd03\u598b\u0320\u33dd\u47ff\u348b\u03bb\u99f5\ube0f\u3a06\u74c4\uc108\u07ca\ud003\ueb46\u3bf1\u2454\u751c\u8be4\u2459\udd03\u8b66\u7b3c\u598b\u031c\u03dd\ubb2c\u5f95\u57ab\u3d61\u0a6a\u1e38\ua975\udb33\u6853\u6574\u7473\uc48b\u6853\u3a20\u292d\u7468\u2065\u6820\u6168\u6972\ud48b\u5053\u5352\u57ff\u53fc\u57ff\u00f8
  • Detect heap-spray patterns in browser script contexts: look for large repeated NOP sleds (%u9090%u9090) combined with unescape() shellcode blobs characteristic of this exploit.
  • This vulnerability was actively exploited in the wild in April and May 2009; prioritise detection on systems running Baofeng products version 3.09.04.17 and earlier.
  • ·The vulnerability is described as 'unspecified' by NVD; the exact internal trigger condition within SetAttributeValue is not publicly documented beyond param1 being the attack surface.

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.