CVE-2014-9222

Published: 24/12/2014 Updated: 31/08/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and in products from other vendors, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.

Vulnerable Product

allegrosoft rompager

Exploits

RomPager versions 4.34 and below router authentication remover exploit ...
This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software RomPager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials ...
This module exploits HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software RomPager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials ...

Nmap Scripts

http-vuln-misfortune-cookie

Detects the RomPager 4.07 Misfortune Cookie vulnerability by safely exploiting it.

nmap <target> -p 7547 --script=http-vuln-misfortune-cookie

PORT     STATE SERVICE REASON
7547/tcp open  unknown syn-ack
| http-vuln-misfortune-cookie:
|   VULNERABLE:
|   RomPager 4.07 Misfortune Cookie
|     State: VULNERABLE
|     IDs:  BID:71744  CVE:CVE-2014-9222
|     Description:
|       The cookie handling routines in RomPager 4.07 are vulnerable to remote code
|       execution. This script has verified the vulnerability by exploiting the web
|       server in a safe manner.
|     References:
|       http://www.kb.cert.org/vuls/id/561444
|       http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9222
|       http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/index.html
|_      http://www.securityfocus.com/bid/71744

Metasploit Modules

Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner

This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability, which affects Allegro Software RomPager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.

msf > use auxiliary/scanner/http/allegro_rompager_misfortune_cookie
msf auxiliary(allegro_rompager_misfortune_cookie) > show actions
    ...actions...
msf auxiliary(allegro_rompager_misfortune_cookie) > set ACTION < action-name >
msf auxiliary(allegro_rompager_misfortune_cookie) > show options
    ...show and set options...
msf auxiliary(allegro_rompager_misfortune_cookie) > run

Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass

This module exploits HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability, which affects Allegro Software RomPager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.

msf > use auxiliary/admin/http/allegro_rompager_auth_bypass
msf auxiliary(allegro_rompager_auth_bypass) > show actions
    ...actions...
msf auxiliary(allegro_rompager_auth_bypass) > set ACTION < action-name >
msf auxiliary(allegro_rompager_auth_bypass) > show options
    ...show and set options...
msf auxiliary(allegro_rompager_auth_bypass) > run

Github Repositories

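Transcribed SCZ documents. Originals from scz617cn. The author, SCZ, is a role model for my studies; his deep investigation of all kinds of technical problems is something I greatly admire. The knowledge he shares has also been a great help to me in my actual work. SCZ's technical documents are transcribed here in case they are ever needed. Misc 2016-07-28 11:39 Brief review of the 52pojie crack scheme for JEB 206 2016-07-01 16:37 Fun math problems related to DSA (1)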

hacklib - pentesting, port scanning, and logging in anywhere with Python

hacklib: Toolkit for hacking enthusiasts using Python. hacklib is a Python module for hacking enthusiasts interested in network security. It is no longer in active development. Installation: To get hacklib, simply run in command line: pip install hacklib. hacklib also has a user interface. To use it, you can do one of the following: Downloa

Assessment of Misfortune Cookie in Argentina

This is an assessment of the Misfortune Cookie vulnerability (CVE-2014-9222) found by Check Point in an HTTP server firmware that runs on many home modems. Their report states: "This severe vulnerability allows an attacker to remotely take over the device with administrative privileges." Although the bug that causes the problem has be

Recent Articles

Irish eyes are crying: Tens of thousands of broadband modems wide open to hijacking
The Register • Thomas Claburn in San Francisco • 22 Nov 2016

D1000 can be directed to drop its firewall, allowing access to panel over the internet

Eir, Ireland's largest ISP, has tens of thousands of customers with insecure ADSL2+ modems that appear to be vulnerable to remote takeover. Earlier this month, a security researcher writing under the name "kenzo" posted a proof-of-concept exploit that demonstrates how an attacker might take control of an Eir D1000 modem. The ZyXEL-built Eir D1000 [PDF] comes with an open TCP port, 7547, which is used by the CPE WAN Management Protocol to manage the modems on Eir's network. According to kenzo...

Misfortune Cookie crumbles router security: '12 MILLION+' in hijack risk
The Register • John Leyden • 18 Dec 2014

New claim: Homes, businesses menaced by vulnerable firmware

Infosec biz Check Point claims it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web. The commandeered boxes could be used to launch attacks on PCs and gadgets within their local networks. More than 12 million low-end SOHO routers worldwide are affected by the bug, dubbed Misfortune Cookie, we're told. At least 200 different models of devices from various manufacturers and brands are vulnerable, it's claimed, in...