CVE-2009-4197

rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.

CVSS v2.0 4.7 MEDIUM

4.7^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:N/A:N

Exploitability : 3.4 / Impact : 6.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.exploit-db.com/exploits/10276	Exploit
http://www.securityfocus.com/bid/37194
https://exchange.xforce.ibmcloud.com/vulnerabilities/54528

Configurations

Configuration 1 (hide)

cpe:2.3:h:huawei:mt882_v100t002b020_arg-t:firmware_3.7.9.98:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:huawei:mt882_modem_firmware:3.7.9.98:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mt882_modem:v100r002b020_arg-t:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-12-04 11:30

Updated : 2017-08-17 01:31

NVD link : CVE-2009-4197

Mitre link : CVE-2009-4197

CVE.ORG link : CVE-2009-4197

JSON object : View

Products Affected

huawei

mt882_modem_firmware
mt882_modem
mt882_v100t002b020_arg-t

CWE

NVD-CWE-Other

{"id": "CVE-2009-4197", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-12-04T11:30:00.860", "references": [{"url": "http://www.exploit-db.com/exploits/10276", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/37194", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54528", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete."}, {"lang": "es", "value": "rpwizPppoe.htm en Huawei MT882 V100R002B020 ARG-T ejecutando el firmware v3.7.9.98 contiene un formulario que no deshabilita la configuraci\u00f3n de autocompletado para el par\u00e1metro \"password\", lo que facilita a un usuario local o a un atacante f\u00edsicamente pr\u00f3ximo obtener la contrase\u00f1a desde navegadores web que soporten el autocompletado."}], "lastModified": "2017-08-17T01:31:28.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mt882_v100t002b020_arg-t:firmware_3.7.9.98:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE8845ED-BEA2-42C7-BC6E-7F7783055484"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:mt882_modem_firmware:3.7.9.98:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76CBDC9C-9CC2-4B7E-AA28-6160E16222C2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mt882_modem:v100r002b020_arg-t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "441C9425-A051-429F-A9CF-C63DC7A3C063"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}