CVE-2008-3411

Axesstel AXW-D800 - Info Disclosure

Title source: llm

Description

The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.

References (5)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44044

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/494815/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30404

[Third Party Advisory] http://secunia.com/advisories/31285

[Third Party Advisory] http://securityreason.com/securityalert/4089

Scores

EPSS 0.0080

EPSS Percentile 73.7%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

axesstel/akw-d800

Timeline

Published Jul 31, 2008

Tracked Since Feb 18, 2026