AllegroSoft RomPager vulnerabilities
4 known vulnerabilities affecting allegrosoft/rompager.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2014-9222 | P1 | CRITICAL | CVSS 10.0 | CWE-17 | Exploited | PoC | ≤ 4.07 | 2014-12-24
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
nvd
CVE-2014-9223 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | ≤ 4.07 | 2014-12-24
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
nvd
CVE-2024-0522 | P3 | HIGH | CVSS 8.8 | CWE-352 | v4.01 | 2024-01-14
A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.3
nvd
CVE-2013-6786 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 4.07 | 2014-01-16
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI i
nvd