CVE-2009-1807

Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisrt.org/enblog/read.php?245	Exploit
http://www.vupen.com/english/advisories/2009/1392

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:baofeng:storm::::::::
	cpe:2.3:a:baofeng:storm:2.7.9_8:::::::*
	cpe:2.3:a:baofeng:storm:2.7.9_10:::::::*
	cpe:2.3:a:baofeng:storm:2.8:::::::*
	cpe:2.3:a:baofeng:storm:2.9:::::::*

History

No history.

Information

Published : 2009-05-28 20:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-1807

Mitre link : CVE-2009-1807

CVE.ORG link : CVE-2009-1807

JSON object : View

Products Affected

baofeng

storm

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-1807", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-05-28T20:30:00.280", "references": [{"url": "http://www.cisrt.org/enblog/read.php?245", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1392", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Config.dll en productos Baofeng v3.09.04.17 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n llamando al m\u00e9todo SetAttributeValue, como se ha explotado libremente en Abril y Mayo de 2009."}], "lastModified": "2009-06-09T05:34:42.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:baofeng:storm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "562E2843-2197-4945-8141-DC06F55D6F30", "versionEndIncluding": "3.09.04.17"}, {"criteria": "cpe:2.3:a:baofeng:storm:2.7.9_8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F52CD8D-3166-4A06-BB43-B7DEE653FBDB"}, {"criteria": "cpe:2.3:a:baofeng:storm:2.7.9_10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD543322-FB0F-45E0-9E93-347425B470BA"}, {"criteria": "cpe:2.3:a:baofeng:storm:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF09EE7-F241-4EDE-8266-FD2413C6E1AE"}, {"criteria": "cpe:2.3:a:baofeng:storm:2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93399125-BFCD-4EEC-B187-3E89A8DB82D2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}