CVE-2009-4197

Huawei MT882 V100R002B020 ARG-T - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4197. PoCs published by DecodeX01.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2009-4196, focusing on multiple XSS vulnerabilities in a RomPager/4.07 UPnP/1.0 device. It includes affected endpoints, payload examples, and impact assessment.

Description

rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.

Exploits (1)

exploitdb WRITEUP VERIFIED
by DecodeX01 · textwebappshardware
https://www.exploit-db.com/exploits/10276

This is a detailed technical analysis of CVE-2009-4196, focusing on multiple XSS vulnerabilities in a RomPager/4.07 UPnP/1.0 device. It includes affected endpoints, payload examples, and impact assessment.

Classification
Writeup 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: RomPager/4.07 UPnP/1.0 (Firmware Release: 3.7.9.98)
No auth needed
Prerequisites: Network access to the target device
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/10276
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54528
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37194

Scores

EPSS 0.0047
EPSS Percentile 37.2%

Details

Status published
Products (2)
huawei/mt882_modem v100r002b020_arg-t
huawei/mt882_modem_firmware 3.7.9.98
Published Dec 04, 2009
Tracked Since Feb 18, 2026