CVE-2009-1807

EXPLOITED IN THE WILD

Baofeng <3.09.04.17 - RCE

Title source: llm

Description

Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.

Exploits (1)

exploitdb WORKING POC VERIFIED

by etirah · htmlremotewindows

https://www.exploit-db.com/exploits/8757

View Code ZIP pw:eip

References (2)

[Exploit] http://www.cisrt.org/enblog/read.php?245

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/1392

Scores

EPSS 0.0347

EPSS Percentile 87.6%

Details

VulnCheck KEV 2009-05-28

InTheWild.io 2009-06-09

Status published

Products (5)

baofeng/storm 2.7.9_8

baofeng/storm 2.7.9_10

baofeng/storm 2.8

baofeng/storm 2.9

baofeng/storm < 3.09.04.17

Published May 28, 2009

Tracked Since Feb 18, 2026