CVE-2014-9222

EXPLOITED

Allegro Software RomPager

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2014-9222 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including BenChaliah, mercul1ninna, donfanning, including a Metasploit module auxiliary/admin/http/allegro_rompager_auth_bypass.

AI-analyzed exploit summary This repository provides a detailed writeup and reverse engineering analysis of CVE-2014-9222, focusing on the 'Misfortune Cookie' vulnerability in RomPager 4.07. It includes steps for firmware extraction, debugging, and identifying the password generation algorithm for hidden commands.

Description

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.

Exploits (5)

nomisec WRITEUP 6 stars
by BenChaliah · poc
https://github.com/BenChaliah/MIPS-CVE-2014-9222

This repository provides a detailed writeup and reverse engineering analysis of CVE-2014-9222, focusing on the 'Misfortune Cookie' vulnerability in RomPager 4.07. It includes steps for firmware extraction, debugging, and identifying the password generation algorithm for hidden commands.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: RomPager 4.07 (embedded in various routers)
No auth needed
Prerequisites: Physical access to the router via UART-to-USB · IDA Pro or Radare2 for reverse engineering · Router running RomPager 4.07
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by mercul1ninna · poc
https://github.com/mercul1ninna/MIPS-CVE-2014-9222

This repository provides a detailed technical analysis of CVE-2014-9222, focusing on reverse engineering the firmware of a ZXHN H108L router running Rompager 4.07. It includes steps for dynamic and static analysis, such as extracting firmware, identifying hidden debug commands, and analyzing the password generator algorithm in MIPS assembly.

Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Complex
Reliability
Theoretical
Target: RomPager 4.07
No auth needed
Prerequisites: Router running Rompager 4.07 · UART to USB adapter · IDA Pro or Radare2 · Firmware dumping tools
devstral-2 · analyzed Feb 20, 2026 Full analysis →
nomisec WRITEUP
by donfanning · poc
https://github.com/donfanning/MIPS-CVE-2014-9222

This repository provides a detailed technical analysis of CVE-2014-9222, focusing on reverse engineering the firmware of a ZXHN H108L router to exploit the 'Misfortune Cookie' vulnerability in RomPager 4.07. It includes steps for dynamic and static analysis, firmware extraction, and identifying the password generator algorithm.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: RomPager 4.07 (AllegroSoft)
Auth required
Prerequisites: Physical access to the router via UART-to-USB · IDA Pro or Radare2 for reverse engineering · Router running RomPager 4.07
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/allegro_rompager_auth_bypass.rb

This Metasploit module exploits the 'Misfortune Cookie' vulnerability (CVE-2014-9222) in Allegro Software RomPager versions before 4.34, allowing authentication bypass by sending crafted cookie values to vulnerable devices.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Allegro Software RomPager < 4.34
No auth needed
Prerequisites: Network access to the target device · Vulnerable RomPager version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb

This Metasploit module scans for the 'Misfortune Cookie' vulnerability (CVE-2014-9222) in Allegro Software RomPager versions before 4.34. It checks for the vulnerability by testing if a crafted cookie can overwrite the requested URI, potentially allowing authentication bypass.

Classification
Scanner 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Allegro Software RomPager < 4.34
No auth needed
Prerequisites: Network access to the target HTTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Technical Description, Third Party Advisory x_refsource_misc
http://mis.fortunecook.ie/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105173
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/87
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/561444

Scores

EPSS 0.8645
EPSS Percentile 99.4%

Details

VulnCheck KEV 2017-04-11
CWE
CWE-17
Status published
Products (1)
allegrosoft/rompager < 4.07
Published Dec 24, 2014
Tracked Since Feb 18, 2026