CVEブラウザに戻る

CVE-2008-3411

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1200%

EPSS Percentile31.99th

Published2008年7月31日

Last Modified2026年4月23日

Vulnerability Description

The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.

Affected Platforms (CPE)

🔌

Axesstel

Akw D800

= d2_eth_109_01_vebr

References & Advisories

🔗 http://secunia.com/advisories/31285

🔗 http://securityreason.com/securityalert/4089

🔗 http://www.securityfocus.com/archive/1/494815/100/0/threaded

🔗 http://www.securityfocus.com/bid/30404

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/44044

🔗 http://secunia.com/advisories/31285

🔗 http://securityreason.com/securityalert/4089

🔗 http://www.securityfocus.com/archive/1/494815/100/0/threaded

関連する脆弱性情報

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...

CVE-2008-034510.0

Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, ak...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...