Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-9223 (GCVE-0-2014-9223)
Vulnerability from cvelistv5 – Published: 2014-12-24 18:00 – Updated: 2024-08-06 13:40- n/a
| URL | Tags |
|---|---|
| http://mis.fortunecook.ie/ | x_refsource_MISC |
| http://www.huawei.com/en/security/psirt/security-… | x_refsource_CONFIRM |
| https://www.allegrosoft.com/allegro-software-urge… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mis.fortunecook.ie/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-20T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mis.fortunecook.ie/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mis.fortunecook.ie/",
"refsource": "MISC",
"url": "http://mis.fortunecook.ie/"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"name": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html",
"refsource": "CONFIRM",
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9223",
"datePublished": "2014-12-24T18:00:00.000Z",
"dateReserved": "2014-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:24.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2014-9223",
"date": "2026-07-15",
"epss": "0.06026",
"percentile": "0.92524"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-9223\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-12-24T18:59:07.730\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer m\u00faltiple en AllegroSoft RomPager, utilizado en productos Huawei Home Gateway y otros proveedores y productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio o la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores sin especificar relacionados a la autorizaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.07\",\"matchCriteriaId\":\"FDBB61DF-D173-4046-B619-C762147742A8\"}]}]}],\"references\":[{\"url\":\"http://mis.fortunecook.ie/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://mis.fortunecook.ie/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2014-AVI-536
Vulnerability from certfr_avis - Published: 2014-12-19 - Updated: 2014-12-19
De multiples vulnérabilités ont été corrigées dans Huawei RomPager. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Huawei HG530 versions antérieures à HG530 V100R001C10B025
| Vendor | Product | Description |
|---|
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eHuawei HG530 versions ant\u00e9rieures \u00e0 HG530 V100R001C10B025\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-9222",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9222"
},
{
"name": "CVE-2014-9223",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9223"
}
],
"initial_release_date": "2014-12-19T00:00:00",
"last_revision_date": "2014-12-19T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141219- RomPager du 19 d\u00e9cembre 2014",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
}
],
"reference": "CERTFR-2014-AVI-536",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHuawei RomPager\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Huawei RomPager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141219- RomPager du 19 d\u00e9cembre 2014",
"url": null
}
]
}
FKIE_CVE-2014-9223
Vulnerability from fkie_nvd - Published: 2014-12-24 18:59 - Updated: 2026-06-17 00:17| Vendor | Product | Version | |
|---|---|---|---|
| allegrosoft | rompager | * |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBB61DF-D173-4046-B619-C762147742A8",
"versionEndIncluding": "4.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization."
},
{
"lang": "es",
"value": "Desbordamiento de buffer m\u00faltiple en AllegroSoft RomPager, utilizado en productos Huawei Home Gateway y otros proveedores y productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio o la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores sin especificar relacionados a la autorizaci\u00f3n."
}
],
"id": "CVE-2014-9223",
"lastModified": "2026-06-17T00:17:57.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-24T18:59:07.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://mis.fortunecook.ie/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://mis.fortunecook.ie/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3827-X3C5-9QVC
Vulnerability from github – Published: 2022-05-17 03:49 – Updated: 2025-04-12 12:43Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
{
"affected": [],
"aliases": [
"CVE-2014-9223"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-12-24T18:59:00Z",
"severity": "HIGH"
},
"details": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.",
"id": "GHSA-3827-x3c5-9qvc",
"modified": "2025-04-12T12:43:23Z",
"published": "2022-05-17T03:49:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9223"
},
{
"type": "WEB",
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
},
{
"type": "WEB",
"url": "http://mis.fortunecook.ie"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2014-9223
Vulnerability from gsd - Updated: 2023-12-13 01:22{
"GSD": {
"alias": "CVE-2014-9223",
"description": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.",
"id": "GSD-2014-9223"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-9223"
],
"details": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.",
"id": "GSD-2014-9223",
"modified": "2023-12-13T01:22:48.160977Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mis.fortunecook.ie/",
"refsource": "MISC",
"url": "http://mis.fortunecook.ie/"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"name": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html",
"refsource": "CONFIRM",
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.07",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9223"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mis.fortunecook.ie/",
"refsource": "MISC",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://mis.fortunecook.ie/"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"name": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2016-09-06T13:44Z",
"publishedDate": "2014-12-24T18:59Z"
}
}
}
VAR-201412-0434
Vulnerability from variot - Updated: 2025-04-13 22:54Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. Allegro's RomPager is an embedded WEB service product, which is more used to provide WWW management capabilities for network printers, switches and other network devices.
Allegro RomPager is vulnerable to a buffer overflow because it fails to perform adequate boundary checks on user-supplied input. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely result in denial-of-service conditions. Allegro RomPager 4.07 and prior to 4.34 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0434",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rompager",
"scope": "lte",
"trust": 1.0,
"vendor": "allegrosoft",
"version": "4.07"
},
{
"model": "rompager",
"scope": "eq",
"trust": 0.9,
"vendor": "allegro",
"version": "4.07"
},
{
"model": "rompager",
"scope": null,
"trust": 0.8,
"vendor": "allegro",
"version": null
},
{
"model": "rompager",
"scope": "lte",
"trust": 0.6,
"vendor": "allegro",
"version": "\u003c=4.34"
},
{
"model": "rompager",
"scope": "eq",
"trust": 0.6,
"vendor": "allegrosoft",
"version": "4.07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:allegrosoft:rompager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lior Oppenheim of Check Point Software Technologies",
"sources": [
{
"db": "BID",
"id": "71756"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9223",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-09123",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9223",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9223",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-09123",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-498",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. Allegro\u0027s RomPager is an embedded WEB service product, which is more used to provide WWW management capabilities for network printers, switches and other network devices. \n\nAllegro RomPager is vulnerable to a buffer overflow because it fails to perform adequate boundary checks on user-supplied input. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nAllegro RomPager 4.07 and prior to 4.34 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9223"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9223",
"trust": 3.4
},
{
"db": "BID",
"id": "71756",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-09123",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"id": "VAR-201412-0434",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "gateway",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-04-13T22:54:41.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Allegro Software Urges Manufacturers To Maintain Firmware for Highest Level of Embedded Device Security",
"trust": 0.8,
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
},
{
"title": "Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"title": "Patch for Allegro rompager buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/53106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://mis.fortunecook.ie/"
},
{
"trust": 1.6,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71756"
},
{
"trust": 1.0,
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9223"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9223"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/index.html"
},
{
"trust": 0.3,
"url": "http://www.allegrosoft.com/embedded-web-server"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-407666.htm"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-406887.htm"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71756"
},
{
"date": "2015-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"date": "2014-12-24T18:59:07.730000",
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "71756"
},
{
"date": "2015-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"date": "2014-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allegro rompager buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
}
],
"trust": 0.6
}
}
VDE-2026-071
Vulnerability from csaf_jumogmbhcokg - Published: 2026-06-23 10:00 - Updated: 2026-07-08 10:00Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-33011 | — | ||
| Unresolved product id: CSAFPID-51901 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-33001 | — | ||
| Unresolved product id: CSAFPID-33002 | — | ||
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — |
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-33011 | — | ||
| Unresolved product id: CSAFPID-51901 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-33001 | — | ||
| Unresolved product id: CSAFPID-33002 | — | ||
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — |
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-33011 | — | ||
| Unresolved product id: CSAFPID-51901 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-33001 | — | ||
| Unresolved product id: CSAFPID-33002 | — | ||
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Medium"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple products from JUMO are affected by webserver vulnerability \"CVE-2013-6786, CVE-2014-9222, CVE-2014-9223. This vulnerability leads to DOS of the device by using a misfortune cookie and reflected XSS attacks.",
"title": "Summary"
},
{
"category": "description",
"text": "DOS vulnerability of the device in case of Misfortune Cookie.\nXSS vulnerability allows remote attackers to inject arbitrary web script or HTML.",
"title": "Impact"
},
{
"category": "description",
"text": "Control the access to the devices webserver by using a Firewall to block traffic from untrusted networks.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to latest software version.\nFor latest software version please contact \nsupport@jumo.net.\n\nFixed for:\n- Version 248.05.02 for JUMO mTRON T Central Processing Unit\n- Version 249.05.03 for JUMO mTRON T Multifunction panel 840\n- Version 266.04.07 for JUMO DICON touch\n- Version 304.09.04 for JUMO AQUIS touch",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@jumo.net",
"name": "JUMO GmbH \u0026 Co. KG",
"namespace": "https://www.jumo.group"
},
"references": [
{
"category": "external",
"summary": "Jumo PSIRT",
"url": "https://www.jumo.group/de/en/services/product-security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Jumo",
"url": "https://certvde.com/de/advisories/vendor/jumo/"
},
{
"category": "self",
"summary": "VDE-2026-071: JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-071"
},
{
"category": "self",
"summary": "VDE-2026-071: JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices - CSAF",
"url": "https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-071.json"
}
],
"title": "JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices",
"tracking": {
"aliases": [
"VDE-2026-071"
],
"current_release_date": "2026-07-08T10:00:00.000Z",
"generator": {
"date": "2026-07-08T09:12:08.205Z",
"engine": {
"name": "Secvisogram",
"version": "2.6.5"
}
},
"id": "VDE-2026-071",
"initial_release_date": "2026-06-23T10:00:00.000Z",
"revision_history": [
{
"date": "2026-06-23T10:00:00.000Z",
"legacy_version": "1.0.0",
"number": "1.0.0",
"summary": "initial release"
},
{
"date": "2026-07-08T10:00:00.000Z",
"legacy_version": "2.0.0",
"number": "2.0.0",
"summary": "Updated the relationship identifier and adjusted the starting versions in the product tree version ranges."
}
],
"status": "final",
"version": "2.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JUMO mTRON T Central Processing Unit",
"product": {
"name": "JUMO mTRON T Central Processing Unit",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:jumo:jumo_mtron_t_central_processing_unit:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "JUMO mTRON T Multifunction panel 840",
"product": {
"name": "JUMO mTRON T Multifunction panel 840",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:jumo:jumo_mtron_t_multifunction_panel_840:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "JUMO DICON touch",
"product": {
"name": "JUMO DICON touch",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:jumo:jumo_dicon_touch:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "JUMO AQUIS touch",
"product": {
"name": "JUMO AQUIS touch",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"cpe": "cpe:2.3:h:jumo:jumo_aquis_touch:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003e=1.0.0|\u003c248.05.02",
"product": {
"name": "Firmware \u003c248.05.02",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "248.05.02",
"product": {
"name": "Firmware 248.05.02",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:248.05.02:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:semver/\u003e=1.0.0|\u003c249.05.03",
"product": {
"name": "Firmware \u003c249.05.03",
"product_id": "CSAFPID-0023",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "249.05.03",
"product": {
"name": "Firmware 249.05.03",
"product_id": "CSAFPID-0022",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:249.05.03:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:semver/\u003e=1.0.0|\u003c266.04.07",
"product": {
"name": "Firmware \u003c266.04.07",
"product_id": "CSAFPID-0024",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "266.04.07",
"product": {
"name": "Firmware 266.04.07",
"product_id": "CSAFPID-0025",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:266.04.07:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:semver/\u003e=1.0.0|\u003c304.09.04",
"product": {
"name": "Firmware \u003c304.09.04",
"product_id": "CSAFPID-0026",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "304.09.04",
"product": {
"name": "Firmware 304.09.04",
"product_id": "CSAFPID-0027",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:304.09.04:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "JUMO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-33011",
"CSAFPID-51901"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c248.05.02 installed on JUMO mTRON T Central Processing Unit",
"product_id": "CSAFPID-33001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_mtron_t_central_processing_unit:*:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0020",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c249.05.03 installed on JUMO mTRON T Multifunction panel 840",
"product_id": "CSAFPID-33002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_mtron_t_multifunction_panel_840:*:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0023",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c266.04.07 installed on JUMO DICON touch",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_dicon_touch:*:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0024",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c304.09.04 installed on JUMO AQUIS touch",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_aquis_touch:*:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0026",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 248.05.02 installed on JUMO mTRON T Central Processing Unit",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_mtron_t_central_processing_unit:248.05.02:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 249.05.03 installed on JUMO mTRON T Multifunction panel 840",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_mtron_t_multifunction_panel_840:249.05.03:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0022",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 266.04.07 installed on JUMO DICON touch",
"product_id": "CSAFPID-33011",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_dicon_touch:266.04.07:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0025",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 304.09.04 installed on JUMO AQUIS touch",
"product_id": "CSAFPID-51901",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_aquis_touch:304.09.04:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0027",
"relates_to_product_reference": "CSAFPID-0004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9223",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2014-12-24T11:00:00.000Z",
"notes": [
{
"audience": "all",
"category": "description",
"text": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.",
"title": "CVE description"
},
{
"category": "details",
"text": "DOS vulnerability of the device in case of buffer overflow. For our products we expect a CVSS Score of: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"title": "Vulnerability Characterisation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-33011",
"CSAFPID-51901"
],
"known_affected": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"references": [
{
"category": "external",
"summary": "CVE Record: CVE-2014-9223",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9223"
},
{
"category": "external",
"summary": "CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C - 10.0 - High",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"release_date": "2014-12-24T11:00:00.000Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-15T10:00:00.000Z",
"details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"environmentalScore": 10,
"integrityImpact": "COMPLETE",
"temporalScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "Multiple buffer overflows in AllegroSoft RomPager"
},
{
"cve": "CVE-2013-6786",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-01-16T11:00:00.000Z",
"notes": [
{
"audience": "operational management and system administrators",
"category": "details",
"text": "XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.",
"title": "Vulnerability Characterisation"
},
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the \"forbidden author header\" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a \"URL redirection\" issue that some sources list separately.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-33011",
"CSAFPID-51901"
],
"known_affected": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"references": [
{
"category": "external",
"summary": "CVE Record: CVE-2013-6786",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6786"
},
{
"category": "external",
"summary": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N - 4.3 - Medium",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"release_date": "2014-01-16T11:00:00.000Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-15T10:00:00.000Z",
"details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "PARTIAL",
"temporalScore": 4.3,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "Cross-site scripting (XSS) vulnerability in Allegro RomPager"
},
{
"cve": "CVE-2014-9222",
"discovery_date": "2014-12-24T11:00:00.000Z",
"notes": [
{
"category": "description",
"text": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability.",
"title": "CVE Description"
},
{
"category": "details",
"text": "XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.",
"title": "Vulnerability Characterisation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-33011",
"CSAFPID-51901"
],
"known_affected": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"references": [
{
"category": "external",
"summary": "CVE Record: CVE-2014-9222",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9222"
},
{
"category": "external",
"summary": "CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C - 10.0 - High",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"release_date": "2014-12-24T11:00:00.000Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:00:00.000Z",
"details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"environmentalScore": 10,
"integrityImpact": "COMPLETE",
"temporalScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "Misfortune Cookie vulnerability in AllegroSoft RomPager 4.34"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.