Rompager
CVE-2014-9222
CRITICAL
Severity by source
AV:N/AC:L/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
AnalysisAI
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.4%.
Technical ContextAI
This vulnerability is classified under CWE-17. AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability. Affected products include: Allegrosoft Rompager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and product
A vulnerability was found in Allegro RomPager 4.01. Rated high severity (CVSS 8.8), this vulnerability is remotely explo
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882,
Same weakness CWE-17 – DEPRECATED: Code
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today