10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.8%
RomPager is the embedded web server from AllegroSoft. RomPager component has two vulnerabilities. Some Huawei Home Gateway products use RomPager component and are affected by these two vulnerabilities.
RomPager Authentication Security Bypass –Misfortune Cookie: The vulnerability is due to an insecure design in the RomPager Server. Remote attacker could exploit this vulnerability to access the RomPager web-server under administrator privileges. (Vulnerability ID: HWPSIRT-2014-1137)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9222.
RomPager Authorization Buffer-Overflow Denial of Service: A buffer-overflow vulnerability exist in RomPager Web Server. A remote attacker could exploit this vulnerability by sending a crafted request to the vulnerable server causing a denial of service. (Vulnerability ID: HWPSIRT-2014-1211)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9223.
CPE | Name | Operator | Version |
---|---|---|---|
hg530 | lt | HG530 | |
hg530 | lt | V100R001C10B023 | |
hg520c | lt | HG520c | |
hg520c | lt | V100R001C10B025 |