CVE-2009-2272
First published: Wed Jul 01 2009(Updated: )
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei D100 | ||
| All of | ||
| Huawei D100 Firmware | ||
| Huawei D100 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-2272?
CVE-2009-2272 is considered to be a high severity vulnerability due to the exposure of sensitive information.
How do I fix CVE-2009-2272?
To fix CVE-2009-2272, it is recommended to update the Huawei D100 router firmware to a version that does not store credentials in cleartext.
What kind of information is exposed by CVE-2009-2272?
CVE-2009-2272 exposes the administrator's account name and password stored in a cookie.
Who is affected by CVE-2009-2272?
Users of the Huawei D100 router and its associated firmware versions are affected by CVE-2009-2272.
What are the potential attack vectors for CVE-2009-2272?
Potential attack vectors for CVE-2009-2272 include reading cookie files and network sniffing for HTTP headers.
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/huawei
- canonical/huawei d100
- canonical/huawei d100 firmware