ID:4 - Exploit for Authentication bypass in Huawei products - CVE-2014-9222

 

Published: March 18, 2020


Vulnerability identifier: #VU330
Vulnerability risk: High
CVE-ID: CVE-2014-9222
CWE-ID: CWE-287
Exploitation vector: Remote access
Vulnerable software:
RomPager
HG520c
HG530


Vulnerability description

The vulnerability allows a remote attacker to bypass authentication mechanisms.

The vulnerability exists due to a design error in cookie handling. A remote unauthenticated attacker can send a specially crafted cookie, bypass authentication mechanisms and gain complete control over the affected device. This exploitation technique is known as "Misfortune Cookie".

Successful exploitation of this vulnerability may allow a remote attacker to gain complete control over the vulnerable device.


Remediation

The vulnerability is fixed in version 4.34.