CVE-2008-6449
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
09/03/2009
Last modified:
09/04/2025
Description
Cross-site request forgery (CSRF) vulnerability in multiple Century Systems routers including XR-410 before 1.6.9, XR-510 before 3.5.3, XR-440 before 1.7.8, and other XR series routers from XR-510 to XR-730 allows remote attackers to modify configuration as the administrator via unknown vectors.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:centurysys:xr-1100:*:*:*:*:*:*:*:* | 1.6.2 (including) | |
| cpe:2.3:h:centurysys:xr-410:*:*:*:*:*:*:*:* | 1.6.8 (including) | |
| cpe:2.3:h:centurysys:xr-410-l2:*:*:*:*:*:*:*:* | 1.6.1 (including) | |
| cpe:2.3:h:centurysys:xr-440:*:*:*:*:*:*:*:* | 1.7.7 (including) | |
| cpe:2.3:h:centurysys:xr-510:*:*:*:*:*:*:*:* | 3.5.0 (including) | |
| cpe:2.3:h:centurysys:xr-540:*:*:*:*:*:*:*:* | 3.5.2 (including) | |
| cpe:2.3:h:centurysys:xr-640:*:*:*:*:*:*:*:* | 1.6.7 (including) | |
| cpe:2.3:h:centurysys:xr-640-l2:*:*:*:*:*:*:*:* | 1.6.1 (including) | |
| cpe:2.3:h:centurysys:xr-730:*:*:*:*:*:*:*:* | 3.5.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://jvn.jp/en/jp/JVN67573833/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000042.html
- http://secunia.com/advisories/31173
- http://www.centurysys.co.jp/support/xr_common/JVN67573833.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43949
- http://jvn.jp/en/jp/JVN67573833/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000042.html
- http://secunia.com/advisories/31173
- http://www.centurysys.co.jp/support/xr_common/JVN67573833.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43949