Lucene search

[email protected]CVE-2009-1807

HistoryMay 28, 2009 - 8:30 p.m.

CVE-2009-1807

2009-05-2820:30:00

[email protected]

web.nvd.nist.gov

cve-2009-1807

baofeng products

config.dll

remote code execution

exploit

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.6%

JSON

Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.

Affected configurations

NVD

Node

baofengstormRange≤3.09.04.17

baofengstormMatch2.7.9_8

baofengstormMatch2.7.9_10

baofengstormMatch2.8

baofengstormMatch2.9

CPENameOperatorVersion
baofeng:stormbaofeng stormle3.09.04.17
baofeng:stormbaofeng stormeq2.7.9_8
baofeng:stormbaofeng stormeq2.7.9_10
baofeng:stormbaofeng stormeq2.8
baofeng:stormbaofeng stormeq2.9

CPE	Name	Operator	Version
baofeng:storm	baofeng storm	le	3.09.04.17
baofeng:storm	baofeng storm	eq	2.7.9_8
baofeng:storm	baofeng storm	eq	2.7.9_10
baofeng:storm	baofeng storm	eq	2.8
baofeng:storm	baofeng storm	eq	2.9

References

www.cisrt.org/enblog/read.php?245

www.vupen.com/english/advisories/2009/1392

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2009-1807

prion1 nvd1 cvelist1