Main Vulnerability Database Exploits ID:5 - Exploit for Authentication bypass in Huawei products - CVE-2014-9222

ID:5 - Exploit for Authentication bypass in Huawei products - CVE-2014-9222

Published: March 18, 2020

Vulnerability identifier: #VU330

Vulnerability risk: High

CVE-ID: CVE-2014-9222

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
RomPager
HG520c
HG530

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/admin/http/allegro_rompager_auth_bypass

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication mechanisms.

The vulnerability exists due to a design error when handling cookies. A remote unauthenticated attacker can send specially crafted cookie, bypass authentication mechanisms and gain complete control over the affected device. This exploitation technique is known as "Misfortune Cookie".

Successful exploitation of this vulnerability may allow a remote attacker to gain complete control over the vulnerable device.

Remediation

The vulnerability is fixed in version 4.34.

ID:5 - Exploit for Authentication bypass in Huawei products - CVE-2014-9222

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human