Details of VAR-200912-0137

ID

VAR-200912-0137

CVE

CVE-2009-4197

TITLE

Huawei MT882 modem firmware of rpwizPppoe.htm Password acquisition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-005179

DESCRIPTION

rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. Huawei MT882l is a small ADSL modem. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Huawei MT882 Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA37568 VERIFY ADVISORY: http://secunia.com/advisories/37568/ DESCRIPTION: DecodeX01 has reported multiple vulnerabilities in Huawei MT882, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "BackButton" parameter in Forms/error_1, "wzConnFlag" in Forms/fresh_pppoe_1, "diag_pppindex_argen" and "DiagStartFlag" in Forms/rpDiag_argen_1, "wzdmz_active" and "wzdmzHostIP" in Forms/rpNATdmz_argen_1, "wzVIRTUALSVR_endPort", "wzVIRTUALSVR_endPortLocal", "wzVIRTUALSVR_IndexFlag", "wzVIRTUALSVR_localIP", "wzVIRTUALSVR_startPort", and "wzVIRTUALSVR_startPortLocal" in Forms/rpNATvirsvr_argen_1, "Connect_DialFlag", "Connect_DialHidden", and "Connect_Flag" in Forms/rpStatus_argen_1, "Telephone_select" and "wzFirstFlag" in Forms/rpwizard_1, and "wzConnectFlag" in Forms/rpwizPppoe_1 is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 3.7.9.98. Other version may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: DecodeX01 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/10276 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2009-4197 // JVNDB: JVNDB-2009-005179 // VULHUB: VHN-41643 // PACKETSTORM: 83713

AFFECTED PRODUCTS

vendor:	huawei	model:	mt882 modem	scope:	eq	version:	3.7.9.98	Trust: 2.4
vendor:	huawei	model:	mt882 modem	scope:	eq	version:	v100r002b020_arg-t	Trust: 1.0
vendor:	huawei	model:	smartax mt882	scope:	eq	version:	v100r002b020 arg-t	Trust: 0.8
vendor:	huawei	model:	mt882 v100t002b020 arg-t	scope:	eq	version:	firmware_3.7.9.98	Trust: 0.6

sources: JVNDB: JVNDB-2009-005179 // CNNVD: CNNVD-200912-062 // NVD: CVE-2009-4197

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-4197
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-4197
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200912-062
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-41643
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-4197
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-41643
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-41643 // JVNDB: JVNDB-2009-005179 // CNNVD: CNNVD-200912-062 // NVD: CVE-2009-4197

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-DesignError	Trust: 0.8

sources: JVNDB: JVNDB-2009-005179 // NVD: CVE-2009-4197

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200912-062

TYPE

design error

Trust: 0.6

sources: CNNVD: CNNVD-200912-062

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005179

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41643

PATCH

title:

Top Page

url:

http://www.huawei.com/en/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005179

EXTERNAL IDS

db:	NVD	id:	CVE-2009-4197	Trust: 2.5
db:	EXPLOIT-DB	id:	10276	Trust: 1.8
db:	BID	id:	37194	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-005179	Trust: 0.8
db:	CNNVD	id:	CNNVD-200912-062	Trust: 0.7
db:	XF	id:	54528	Trust: 0.6
db:	SECUNIA	id:	37568	Trust: 0.2
db:	VULHUB	id:	VHN-41643	Trust: 0.1
db:	PACKETSTORM	id:	83713	Trust: 0.1

sources: VULHUB: VHN-41643 // JVNDB: JVNDB-2009-005179 // PACKETSTORM: 83713 // CNNVD: CNNVD-200912-062 // NVD: CVE-2009-4197

REFERENCES

url:	http://www.exploit-db.com/exploits/10276	Trust: 1.8
url:	http://www.securityfocus.com/bid/37194	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/54528	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4197	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4197	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/54528	Trust: 0.6
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/advisories/37568/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-41643 // JVNDB: JVNDB-2009-005179 // PACKETSTORM: 83713 // CNNVD: CNNVD-200912-062 // NVD: CVE-2009-4197

CREDITS

DecodeX01

Trust: 0.6

sources: CNNVD: CNNVD-200912-062

SOURCES

db:	VULHUB	id:	VHN-41643
db:	JVNDB	id:	JVNDB-2009-005179
db:	PACKETSTORM	id:	83713
db:	CNNVD	id:	CNNVD-200912-062
db:	NVD	id:	CVE-2009-4197

LAST UPDATE DATE

2025-04-10T23:15:29.935000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-41643	date:	2017-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2009-005179	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200912-062	date:	2021-07-13T00:00:00
db:	NVD	id:	CVE-2009-4197	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-41643	date:	2009-12-04T00:00:00
db:	JVNDB	id:	JVNDB-2009-005179	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	83713	date:	2009-12-10T17:01:34
db:	CNNVD	id:	CNNVD-200912-062	date:	2009-12-04T00:00:00
db:	NVD	id:	CVE-2009-4197	date:	2009-12-04T11:30:00.860