Huawei: >> D100 Firmware Security Vulnerabilities
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
CVSS Score
7.5
EPSS Score
0.003
Published
2009-07-01
The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
5.0
EPSS Score
0.001
Published
2009-07-01