Multiple buffer overflows in Huawei products - CVE-2014-9223

 


Published: August 19, 2016


Vulnerability identifier: #VU329
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2014-9223
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RomPager
HG520c
HG530
Software vendor:
Allegro Software
Huawei

Description

The vulnerabilities allow a remote attacker to execute arbitrary code on the target system.

The vulnerabilities exist due to a boundary error when handling user-supplied data. A remote attacker can send a specially crafted HTTP request to the vulnerable web server, trigger a buffer overflow, and cause a denial of service condition or execute arbitrary code on the target system.

Successful exploitation of this vulnerability will result in compromise of the affected system.


Remediation

This vulnerability is fixed in version 4.34. 
