CVE-2008-6449

Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
centurysysxr-1100
𝑥
≤ 1.6.2
centurysysxr-410
𝑥
≤ 1.6.8
centurysysxr-410-l2
𝑥
≤ 1.6.1
centurysysxr-440
𝑥
≤ 1.7.7
centurysysxr-510
𝑥
≤ 3.5.0
centurysysxr-540
𝑥
≤ 3.5.2
centurysysxr-640
𝑥
≤ 1.6.7
centurysysxr-640-l2
𝑥
≤ 1.6.1
centurysysxr-730
𝑥
≤ 3.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN67573833/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000042.html
http://secunia.com/advisories/31173
http://www.centurysys.co.jp/support/xr_common/JVN67573833.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/43949
http://jvn.jp/en/jp/JVN67573833/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000042.html
http://secunia.com/advisories/31173
http://www.centurysys.co.jp/support/xr_common/JVN67573833.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/43949