// For flags

CVE-2009-1807

BaoFeng - 'config.dll' ActiveX Remote Code Execution

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.

Vulnerabilidad sin especificar en Config.dll en productos Baofeng v3.09.04.17 y anteriores permite a atacantes remotos ejecutar código de su elección llamando al método SetAttributeValue, como se ha explotado libremente en Abril y Mayo de 2009.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-05-21 First Exploit
  • 2009-05-28 CVE Reserved
  • 2009-05-28 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Baofeng
Search vendor "Baofeng"
Storm
Search vendor "Baofeng" for product "Storm"
<= 3.09.04.17
Search vendor "Baofeng" for product "Storm" and version " <= 3.09.04.17"
-
Affected
Baofeng
Search vendor "Baofeng"
Storm
Search vendor "Baofeng" for product "Storm"
2.7.9_8
Search vendor "Baofeng" for product "Storm" and version "2.7.9_8"
-
Affected
Baofeng
Search vendor "Baofeng"
Storm
Search vendor "Baofeng" for product "Storm"
2.7.9_10
Search vendor "Baofeng" for product "Storm" and version "2.7.9_10"
-
Affected
Baofeng
Search vendor "Baofeng"
Storm
Search vendor "Baofeng" for product "Storm"
2.8
Search vendor "Baofeng" for product "Storm" and version "2.8"
-
Affected
Baofeng
Search vendor "Baofeng"
Storm
Search vendor "Baofeng" for product "Storm"
2.9
Search vendor "Baofeng" for product "Storm" and version "2.9"
-
Affected