Cleartext Credential Exposure in Huawei D100 Devices
CVE-2009-2272

7.5HIGH

Key Information:

Vendor: Huawei
Status: D100 Router
Vendor: CVE Published:; 1 July 2009

What is CVE-2009-2272?

The Huawei D100 device exposes administrator credentials by storing account names and passwords in plain text within cookies. This vulnerability allows attackers to access sensitive information through various means, including reading cookie files, intercepting HTTP headers, and potentially exploiting additional, unspecified methods. Organizations using the D100 should take immediate steps to mitigate the risks associated with this vulnerability to ensure the protection of critical information.

References

http://www.securityfocus.com/archive/1/504645/100/0/threaded

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2009
Vulnerability Reserved
Jul 1, 2009