VAR-201412-0434
Vulnerability from variot - Updated: 2025-04-13 22:54Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. Allegro's RomPager is an embedded WEB service product, which is more used to provide WWW management capabilities for network printers, switches and other network devices.
Allegro RomPager is vulnerable to a buffer overflow because it fails to perform adequate boundary checks on user-supplied input. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely result in denial-of-service conditions. Allegro RomPager 4.07 and prior to 4.34 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0434",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rompager",
"scope": "lte",
"trust": 1.0,
"vendor": "allegrosoft",
"version": "4.07"
},
{
"model": "rompager",
"scope": "eq",
"trust": 0.9,
"vendor": "allegro",
"version": "4.07"
},
{
"model": "rompager",
"scope": null,
"trust": 0.8,
"vendor": "allegro",
"version": null
},
{
"model": "rompager",
"scope": "lte",
"trust": 0.6,
"vendor": "allegro",
"version": "\u003c=4.34"
},
{
"model": "rompager",
"scope": "eq",
"trust": 0.6,
"vendor": "allegrosoft",
"version": "4.07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:allegrosoft:rompager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lior Oppenheim of Check Point Software Technologies",
"sources": [
{
"db": "BID",
"id": "71756"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9223",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-09123",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9223",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9223",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-09123",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-498",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. Allegro\u0027s RomPager is an embedded WEB service product, which is more used to provide WWW management capabilities for network printers, switches and other network devices. \n\nAllegro RomPager is vulnerable to a buffer overflow because it fails to perform adequate boundary checks on user-supplied input. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nAllegro RomPager 4.07 and prior to 4.34 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9223"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9223",
"trust": 3.4
},
{
"db": "BID",
"id": "71756",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-09123",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"id": "VAR-201412-0434",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "gateway",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-04-13T22:54:41.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Allegro Software Urges Manufacturers To Maintain Firmware for Highest Level of Embedded Device Security",
"trust": 0.8,
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
},
{
"title": "Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"title": "Patch for Allegro rompager buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/53106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://mis.fortunecook.ie/"
},
{
"trust": 1.6,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71756"
},
{
"trust": 1.0,
"url": "https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9223"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9223"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/index.html"
},
{
"trust": 0.3,
"url": "http://www.allegrosoft.com/embedded-web-server"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-407666.htm"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-406887.htm"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "BID",
"id": "71756"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71756"
},
{
"date": "2015-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"date": "2014-12-24T18:59:07.730000",
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "71756"
},
{
"date": "2015-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007402"
},
{
"date": "2014-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-498"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allegro rompager buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09123"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-498"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…