Vulnerabilities > CVE-2009-1807 - Unspecified vulnerability in Baofeng Storm

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

baofeng

critical

exploit available

NVD

Published: 2009-05-28

Updated: 2009-06-09

Summary

Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.

Vulnerable Configurations

Part	Description	Count
Application	Baofeng Baofeng Storm 2.7.9_8 Baofeng Storm 2.7.9_10 Baofeng Storm 2.8 Baofeng Storm 2.9 Baofeng Storm *	5

Exploit-Db

description	BaoFeng (config.dll) ActiveX Remote Code Execution Exploit. CVE-2009-1807. Remote exploit for windows platform
id	EDB-ID:8757
last seen	2016-02-01
modified	2009-05-21
published	2009-05-21
reporter	etirah
source	https://www.exploit-db.com/download/8757/
title	BaoFeng config.dll ActiveX Remote Code Execution Exploit

Summary

Vulnerable Configurations

Exploit-Db

References