Vulnerability Details CVE-2009-2272
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2009-2272
-
cpe:2.3:h:huawei:d100:-
-
cpe:2.3:o:huawei:d100_firmware:-