CVE-2009-2274

Huawei D100 - Unauthenticated Sensitive Information Exposure via Direct ASP Request

Title source: llm
STIX 2.1

Description

The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504645/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35638

Scores

EPSS 0.0013
EPSS Percentile 32.1%

Details

CWE
CWE-200
Status published
Products (1)
huawei/d100
Published Jul 01, 2009
Tracked Since Feb 18, 2026