CVE-2009-2319

The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

CVE-2009-2323

The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script.