ID

VAR-201412-0434


CVE

CVE-2014-9223


TITLE

Allegro rompager buffer overflow vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-09123 // CNNVD: CNNVD-201412-498

DESCRIPTION

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. Allegro's RomPager is an embedded web server product, mostly used to provide web management capabilities for network printers, switches and other network devices. Allegro RomPager is vulnerable to a buffer overflow because it fails to perform adequate boundary checks on user-supplied input. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely result in denial-of-service conditions. Allegro RomPager 4.07 and versions prior to 4.34 are vulnerable.

Trust: 2.43

sources: NVD: CVE-2014-9223 // JVNDB: JVNDB-2014-007402 // CNVD: CNVD-2014-09123 // BID: 71756

IOT TAXONOMY

category: ['network device'], sub_category: gateway

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: allegrosoft, model: rompager, scope: lte, version: 4.07

Trust: 1.0

vendor: allegro, model: rompager, scope: eq, version: 4.07

Trust: 0.9

vendor: allegro, model: rompager, scope: -, version: -

Trust: 0.8

vendor: allegro, model: rompager, scope: lte, version: <=4.34

Trust: 0.6

vendor: allegrosoft, model: rompager, scope: eq, version: 4.07

Trust: 0.6

sources: CNVD: CNVD-2014-09123 // BID: 71756 // JVNDB: JVNDB-2014-007402 // CNNVD: CNNVD-201412-498 // NVD: CVE-2014-9223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9223
value: HIGH

Trust: 1.0

NVD: CVE-2014-9223
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-09123
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201412-498
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2014-9223
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-09123
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-09123 // JVNDB: JVNDB-2014-007402 // CNNVD: CNNVD-201412-498 // NVD: CVE-2014-9223

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2014-007402 // NVD: CVE-2014-9223

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-498

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201412-498

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007402

PATCH

title: Allegro Software Urges Manufacturers To Maintain Firmware for Highest Level of Embedded Device Security
url: https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html

Trust: 0.8

title: Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway
url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm

Trust: 0.8

title: Patch for Allegro rompager buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/53106

Trust: 0.6

sources: CNVD: CNVD-2014-09123 // JVNDB: JVNDB-2014-007402

EXTERNAL IDS

db: NVD, id: CVE-2014-9223

Trust: 3.4

db: BID, id: 71756

Trust: 1.5

db: JVNDB, id: JVNDB-2014-007402

Trust: 0.8

db: CNVD, id: CNVD-2014-09123

Trust: 0.6

db: CNNVD, id: CNNVD-201412-498

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2014-09123 // BID: 71756 // JVNDB: JVNDB-2014-007402 // CNNVD: CNNVD-201412-498 // NVD: CVE-2014-9223

REFERENCES

url:http://mis.fortunecook.ie/

Trust: 2.4

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm

Trust: 1.6

url:http://www.securityfocus.com/bid/71756

Trust: 1.2

url:https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9223

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9223

Trust: 0.8

url:http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/index.html

Trust: 0.3

url:http://www.allegrosoft.com/embedded-web-server

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-407666.htm

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-406887.htm

Trust: 0.3

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2014-09123 // BID: 71756 // JVNDB: JVNDB-2014-007402 // CNNVD: CNNVD-201412-498 // NVD: CVE-2014-9223

CREDITS

Lior Oppenheim of Check Point Software Technologies

Trust: 0.9

sources: BID: 71756 // CNNVD: CNNVD-201412-498

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2014-09123
db: BID, id: 71756
db: JVNDB, id: JVNDB-2014-007402
db: CNNVD, id: CNNVD-201412-498
db: NVD, id: CVE-2014-9223

LAST UPDATE DATE

2025-04-13T22:54:41.693000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-09123, date: 2014-12-25T00:00:00
db: BID, id: 71756, date: 2015-03-19T08:33:00
db: JVNDB, id: JVNDB-2014-007402, date: 2015-01-05T00:00:00
db: CNNVD, id: CNNVD-201412-498, date: 2014-12-31T00:00:00
db: NVD, id: CVE-2014-9223, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-09123, date: 2014-12-25T00:00:00
db: BID, id: 71756, date: 2014-12-19T00:00:00
db: JVNDB, id: JVNDB-2014-007402, date: 2015-01-05T00:00:00
db: CNNVD, id: CNNVD-201412-498, date: 2014-12-25T00:00:00
db: NVD, id: CVE-2014-9223, date: 2014-12-24T18:59:07.730