ID CVE-2009-1807
Summary Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
References
Vulnerable Configurations
  • cpe:2.3:a:baofeng:storm:2.7.9_8:*:*:*:*:*:*:*
    cpe:2.3:a:baofeng:storm:2.7.9_8:*:*:*:*:*:*:*
  • cpe:2.3:a:baofeng:storm:2.7.9_10:*:*:*:*:*:*:*
    cpe:2.3:a:baofeng:storm:2.7.9_10:*:*:*:*:*:*:*
  • cpe:2.3:a:baofeng:storm:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:baofeng:storm:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:baofeng:storm:2.9:*:*:*:*:*:*:*
    cpe:2.3:a:baofeng:storm:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:baofeng:storm:*:*:*:*:*:*:*:*
    cpe:2.3:a:baofeng:storm:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 09-06-2009 - 05:34)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
misc http://www.cisrt.org/enblog/read.php?245
vupen ADV-2009-1392
Last major update 09-06-2009 - 05:34
Published 28-05-2009 - 20:30
Back to Top