CVE-2008-6449
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
09/03/2009
Last modified:
17/08/2017
Description
Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:h:centurysys:xr-1100:*:*:*:*:*:*:*:* | 1.6.2 (including) | |
cpe:2.3:h:centurysys:xr-410:*:*:*:*:*:*:*:* | 1.6.8 (including) | |
cpe:2.3:h:centurysys:xr-410-l2:*:*:*:*:*:*:*:* | 1.6.1 (including) | |
cpe:2.3:h:centurysys:xr-440:*:*:*:*:*:*:*:* | 1.7.7 (including) | |
cpe:2.3:h:centurysys:xr-510:*:*:*:*:*:*:*:* | 3.5.0 (including) | |
cpe:2.3:h:centurysys:xr-540:*:*:*:*:*:*:*:* | 3.5.2 (including) | |
cpe:2.3:h:centurysys:xr-640:*:*:*:*:*:*:*:* | 1.6.7 (including) | |
cpe:2.3:h:centurysys:xr-640-l2:*:*:*:*:*:*:*:* | 1.6.1 (including) | |
cpe:2.3:h:centurysys:xr-730:*:*:*:*:*:*:*:* | 3.5.0 (including) |
To consult the complete list of CPE names with products and versions, see this page