var-200912-0137
Vulnerability from variot
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. Huawei MT882l is a small ADSL modem. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: Huawei MT882 Multiple Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID: SA37568
VERIFY ADVISORY: http://secunia.com/advisories/37568/
DESCRIPTION: DecodeX01 has reported multiple vulnerabilities in Huawei MT882, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "BackButton" parameter in Forms/error_1, "wzConnFlag" in Forms/fresh_pppoe_1, "diag_pppindex_argen" and "DiagStartFlag" in Forms/rpDiag_argen_1, "wzdmz_active" and "wzdmzHostIP" in Forms/rpNATdmz_argen_1, "wzVIRTUALSVR_endPort", "wzVIRTUALSVR_endPortLocal", "wzVIRTUALSVR_IndexFlag", "wzVIRTUALSVR_localIP", "wzVIRTUALSVR_startPort", and "wzVIRTUALSVR_startPortLocal" in Forms/rpNATvirsvr_argen_1, "Connect_DialFlag", "Connect_DialHidden", and "Connect_Flag" in Forms/rpStatus_argen_1, "Telephone_select" and "wzFirstFlag" in Forms/rpwizard_1, and "wzConnectFlag" in Forms/rpwizPppoe_1 is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 3.7.9.98. Other version may also be affected.
SOLUTION: Filter malicious characters and character sequences in a proxy.
PROVIDED AND/OR DISCOVERED BY: DecodeX01
ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/10276
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200912-0137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mt882 modem",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "3.7.9.98"
},
{
"model": "mt882 modem",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r002b020_arg-t"
},
{
"model": "smartax mt882",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r002b020 arg-t"
},
{
"model": "mt882 v100t002b020 arg-t",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "firmware_3.7.9.98"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-062"
},
{
"db": "NVD",
"id": "CVE-2009-4197"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:mt882_modem_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:huawei:mt882",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DecodeX01",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-062"
}
],
"trust": 0.6
},
"cve": "CVE-2009-4197",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2009-4197",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-41643",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-4197",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-4197",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200912-062",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-41643",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41643"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-062"
},
{
"db": "NVD",
"id": "CVE-2009-4197"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. Huawei MT882l is a small ADSL modem. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nHuawei MT882 Multiple Cross-Site Scripting Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA37568\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37568/\n\nDESCRIPTION:\nDecodeX01 has reported multiple vulnerabilities in Huawei MT882,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nInput passed to the \"BackButton\" parameter in Forms/error_1,\n\"wzConnFlag\" in Forms/fresh_pppoe_1, \"diag_pppindex_argen\" and\n\"DiagStartFlag\" in Forms/rpDiag_argen_1, \"wzdmz_active\" and\n\"wzdmzHostIP\" in Forms/rpNATdmz_argen_1, \"wzVIRTUALSVR_endPort\",\n\"wzVIRTUALSVR_endPortLocal\", \"wzVIRTUALSVR_IndexFlag\",\n\"wzVIRTUALSVR_localIP\", \"wzVIRTUALSVR_startPort\", and\n\"wzVIRTUALSVR_startPortLocal\" in Forms/rpNATvirsvr_argen_1,\n\"Connect_DialFlag\", \"Connect_DialHidden\", and \"Connect_Flag\" in\nForms/rpStatus_argen_1, \"Telephone_select\" and \"wzFirstFlag\" in\nForms/rpwizard_1, and \"wzConnectFlag\" in Forms/rpwizPppoe_1 is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\nThe vulnerabilities are reported in version 3.7.9.98. Other version\nmay also be affected. \n\nSOLUTION:\nFilter malicious characters and character sequences in a proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nDecodeX01\n\nORIGINAL ADVISORY:\nhttp://www.exploit-db.com/exploits/10276\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4197"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"db": "VULHUB",
"id": "VHN-41643"
},
{
"db": "PACKETSTORM",
"id": "83713"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41643",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41643"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4197",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "10276",
"trust": 1.8
},
{
"db": "BID",
"id": "37194",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005179",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200912-062",
"trust": 0.7
},
{
"db": "XF",
"id": "54528",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "37568",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-41643",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83713",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41643"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"db": "PACKETSTORM",
"id": "83713"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-062"
},
{
"db": "NVD",
"id": "CVE-2009-4197"
}
]
},
"id": "VAR-200912-0137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41643"
}
],
"trust": 0.7666666999999999
},
"last_update_date": "2024-11-23T22:14:29.735000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.huawei.com/en/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"db": "NVD",
"id": "CVE-2009-4197"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/10276"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/37194"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54528"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4197"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4197"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/54528"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/37568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41643"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"db": "PACKETSTORM",
"id": "83713"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-062"
},
{
"db": "NVD",
"id": "CVE-2009-4197"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41643"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"db": "PACKETSTORM",
"id": "83713"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-062"
},
{
"db": "NVD",
"id": "CVE-2009-4197"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-12-04T00:00:00",
"db": "VULHUB",
"id": "VHN-41643"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"date": "2009-12-10T17:01:34",
"db": "PACKETSTORM",
"id": "83713"
},
{
"date": "2009-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-062"
},
{
"date": "2009-12-04T11:30:00.860000",
"db": "NVD",
"id": "CVE-2009-4197"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-41643"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005179"
},
{
"date": "2021-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-062"
},
{
"date": "2024-11-21T01:09:08.123000",
"db": "NVD",
"id": "CVE-2009-4197"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-062"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei MT882 modem firmware of rpwizPppoe.htm Password acquisition vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005179"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "design error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-062"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…