CVE-2008-3411 Information

Description

The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html (2) etc/config/Network.html (3) etc/config/Security.html (4) cgi-bin/sysconf.cgi and (5) cgi-bin/route.cgi which allows remote attackers to change the modem’s configuration via direct requests.

Reference

http://secunia.com/advisories/31285 http://securityreason.com/securityalert/4089 http://www.securityfocus.com/archive/1/494815/100/0/threaded http://www.securityfocus.com/bid/30404 https://exchange.xforce.ibmcloud.com/vulnerabilities/44044