EUVD-2009-2270

Malware in sbrugna...

EUVD-2009-2269

Malware in sbrugna...

CVE-2009-2273

The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

CVE-2009-2271

The Huawei D100 has 1 a certain default administrator password for the web interface, and does not force a password change; and has 2 a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access...

CVE-2009-2272

The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by 1 reading a cookie file, by 2 sniffing the network for HTTP headers, and possibly by using unspecified other vectors...

CVE-2009-2274

The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to 1 lanstatusadv.asp, 2 wlanbasiccfg.asp, or 3 lancfg.asp in en/, related to use of JavaScript to protect against reading file contents...

Default configuration

The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

Design/Logic Flaw

The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by 1 reading a cookie file, by 2 sniffing the network for HTTP headers, and possibly by using unspecified other vectors...

Default credentials

The Huawei D100 has 1 a certain default administrator password for the web interface, and does not force a password change; and has 2 a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access...

Information disclosure

The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to 1 lanstatusadv.asp, 2 wlanbasiccfg.asp, or 3 lancfg.asp in en/, related to use of JavaScript to protect against reading file contents...

CVE-2009-2272

CVE-2009-2272 concerns the Huawei D100 where the administrator’s account name and password are stored in cleartext in a cookie. The underlying issue enables context-dependent attackers to obtain sensitive information by reading a cookie file or sniffing HTTP headers, with other vectors possible. ...

CVE-2009-2273

The CVE-2009-2273 entry describes a vulnerability in the Huawei D100 where the default Wi‑Fi configuration does not use encryption. This enables remote attackers to sniff the network and obtain sensitive information. The affected component is the Wi‑Fi portion of the Huawei D100; the root cause i...

CVE-2009-2274

The vulnerability CVE-2009-2274 affects the Huawei D100 router. An attacker can remotely obtain sensitive information by making direct requests to en/ lan_status_adv.asp, wlan_basic_cfg.asp, or lancfg.asp, related to the use of JavaScript to protect reading file contents. The root cause is descri...

CVE-2009-2271

The Huawei D100 has 1 a certain default administrator password for the web interface, and does not force a password change; and has 2 a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access...

CVE-2009-2274

The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to 1 lanstatusadv.asp, 2 wlanbasiccfg.asp, or 3 lancfg.asp in en/, related to use of JavaScript to protect against reading file contents...

CVE-2009-2273

The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

CVE-2009-2271

The CVE-2009-2271 entry concerns the Huawei D100, where (1) a default administrator password for the web interface is not forced to be changed, and (2) the admin account in the Telnet interface uses the default password “admin.” This combination enables remote attackers to obtain access. The exis...

CVE-2009-2272

The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by 1 reading a cookie file, by 2 sniffing the network for HTTP headers, and possibly by using unspecified other vectors...

Multiple Flaws in Huawei D100

Multiple Flaws in Huawei D100 by Filip Palian filip dot palian at pjwstk dot edu dot pl Description: Huawei D100 is a device offered by the polish telecom operator - Play, to provide broadband Internet in CDMA technology and it's already widely in use. Overview: Huawei D100 firmware and its defau...