CVE-2014-9222
published 2014-12-24

Priority: P181, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 63.75% (99.1th percentile)

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.

Affected

1 range

Vendor | Product | Version range | Fixed in
allegrosoft | rompager | <= 4.07 | (none listed)

Detection & IOCs (extracted from sources)

cookie: crafted cookie that triggers memory corruption
  • Affected systems are HTTP servers running Allegro RomPager versions before 4.34; a crafted HTTP cookie can be used to bypass authentication and gain administrator access without valid credentials.
  • Scan for HTTP servers exposing RomPager version strings prior to 4.34 on home gateway/CPE devices (e.g., Huawei Home Gateway) as indicators of vulnerable devices.
  • Monitor for unauthenticated administrative HTTP sessions on RomPager-based devices; successful exploitation results in privilege escalation via a malformed cookie, without credentials.
  • The vulnerability affects RomPager 4.34 and earlier as embedded in multiple vendors' products (not just Huawei); the scope of affected devices is broad across home gateway/CPE product lines.

CVSS provenance

nvd: v2.0, 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck: 10.0 CRITICAL