Approved changes feed: RSS · Atom

cpe:2.3:a:allegrosoft:rompager:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAllegrosoft (dac627cb-b5a7-5f42-9402-89f00712b696)
ProductRompager (e5c4ffbe-9515-52b9-a9c4-00b50556f53e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2014-9223 vulnerable 2026-06-08 05:06:11.175499 Details available
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
Published: 2014-12-24T18:00:00.000Z
Updated: 2024-08-06T13:40:24.242Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-9222 vulnerable 2026-06-08 05:06:11.175091 Details available
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Published: 2014-12-24T18:00:00.000Z
Updated: 2024-08-06T13:40:24.498Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-6786 vulnerable 2026-06-08 05:05:06.940435 Details available
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.
Published: 2014-01-16T19:00:00.000Z
Updated: 2024-08-06T17:46:23.308Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.