VDB
CVE-2014-9222
CVE-2014-9222
PUBLISHED
CVSS 10 CRITICAL
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
EPSS 86.45% · 99.4th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
86.45%
99.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| allegrosoft | rompager | 0 |
| n/a | n/a | n/a |
Timeline
- Dec 24, 2014 CVE Published
- May 31, 2015 PoC Published
- Apr 26, 2016 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://mis.fortunecook.ie/ url
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm url
- 105173 vdb
- https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html url
- 20141219 The Misfortune Cookie Vulnerability mailing-list
- VU#561444 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-9222 advisory
- http://mis.fortunecook.ie url