CVE-2009-2272

The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
References
Link Resource
http://www.securityfocus.com/archive/1/504645/100/0/threaded Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:d100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:d100:-:*:*:*:*:*:*:*

History

13 Feb 2024, 16:10

Type Values Removed Values Added
CPE cpe:2.3:h:huawei:d100_router:*:*:*:*:*:*:*:* cpe:2.3:h:huawei:d100:-:*:*:*:*:*:*:*
cpe:2.3:o:huawei:d100_firmware:-:*:*:*:*:*:*:*
First Time Huawei d100 Firmware
Huawei d100
CWE CWE-310 CWE-312
References (BUGTRAQ) http://www.securityfocus.com/archive/1/504645/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/504645/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5

Information

Published : 2009-07-01 13:00

Updated : 2024-02-28 11:21


NVD link : CVE-2009-2272

Mitre link : CVE-2009-2272

CVE.ORG link : CVE-2009-2272


JSON object : View

Products Affected

huawei

  • d100_firmware
  • d100
CWE
CWE-312

Cleartext Storage of Sensitive Information