The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
References
Link | Resource |
---|---|
http://www.securityfocus.com/archive/1/504645/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
13 Feb 2024, 16:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:huawei:d100:-:*:*:*:*:*:*:* cpe:2.3:o:huawei:d100_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Huawei d100 Firmware
Huawei d100 |
|
CWE | CWE-312 | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/504645/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
Information
Published : 2009-07-01 13:00
Updated : 2024-02-28 11:21
NVD link : CVE-2009-2272
Mitre link : CVE-2009-2272
CVE.ORG link : CVE-2009-2272
JSON object : View
Products Affected
huawei
- d100_firmware
- d100
CWE
CWE-312
Cleartext Storage of Sensitive Information