Huawei Technologies: HUAWEI-SA-20141219-ROMPAGER
Dec 19, 2014 - 12:00 a.m.

Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway

2014-12-19 00:00:00
Huawei Technologies
www.huawei.com

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.97 High
Percentile: 99.8%

RomPager is the embedded web server from AllegroSoft. The RomPager component has two vulnerabilities. Some Huawei Home Gateway products use the RomPager component and are affected by both.

RomPager Authentication Security Bypass (Misfortune Cookie): The vulnerability is due to an insecure design in the RomPager server. A remote attacker could exploit this vulnerability to access the RomPager web server with administrator privileges. (Vulnerability ID: HWPSIRT-2014-1137)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9222.

RomPager Authorization Buffer-Overflow Denial of Service: A buffer-overflow vulnerability exists in the RomPager web server. A remote attacker could exploit this vulnerability by sending a crafted request to the vulnerable server, causing a denial of service. (Vulnerability ID: HWPSIRT-2014-1211)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9223.

Affected configurations

Vulners
Node
huawei hg530: Range < HG530
OR
huawei hg530: Range < V100R001C10B023
OR
huawei hg520c: Range < HG520c
OR
huawei hg520c: Range < V100R001C10B025
