CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0522 – Allegro RomPager HTTP POST Request cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-0522
A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. • https://vuldb.com/?ctiid.250692 https://vuldb.com/?id.250692 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2014-9223
https://notcve.org/view.php?id=CVE-2014-9223
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. Desbordamiento de buffer múltiple en AllegroSoft RomPager, utilizado en productos Huawei Home Gateway y otros proveedores y productos, permite a atacantes remotos causar una denegación de servicio o la posibilidad de ejecutar código arbitrario a través de vectores sin especificar relacionados a la autorización. • http://mis.fortunecook.ie http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 2CVE-2014-9222 – Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-9222
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability. AllegroSoft RomPager 4.34 y anteriores, utilizado en productos Huawei Home Gateway y otros proveedores y productos, permite a atacantes remotos obtener privilegios a través de una cookie modificada que provoca una corrupción en memoria, también conocido como la vulnerabilidad 'Misfortune Cookie' • https://github.com/BenChaliah/MIPS-CVE-2014-9222 https://github.com/donfanning/MIPS-CVE-2014-9222 http://mis.fortunecook.ie http://seclists.org/fulldisclosure/2014/Dec/87 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm http://www.kb.cert.org/vuls/id/561444 http://www.securityfocus.com/bid/105173 https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 2CVE-2013-6786
https://notcve.org/view.php?id=CVE-2013-6786
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately. Vulnerabilidad de XSS en Allegro RomPager anterior a la versión 4.51, tal y como se usa en ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, y D-Link DSL-2640R y DSL-2641R, cuando los mecanismos de protección "forbidden author header" son evadidos, permite a atacantes remotos inyectar script Web o HTML arbitrario mediante la petición de una URI no existente en conjunción con una cabecera HTTP Referer manipulada que no es manejada adecuadamente en una página 404. NOTA: no hay CVE para una "redirección de URL", que algunas fuentes enumeran por separado. • http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf http://osvdb.org/99694 http://osvdb.org/ref/99/rompager407.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •