Security Notice-Multiple Vulnerabilities in the RomPager Component of Home Gateway
- Initial Release Date: 2014-12-19
- Last Release Date: 2014-12-24
Huawei was aware of multiple RomPager security vulnerabilities in Huawei Home Gateway disclosed by Check Point. Those vulnerabilities include:
- RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)
- RomPager Authorization Buffer Overflow Denial of Service (CVE-2014-9223)
The investigation has been completed. The affected Home Gateway includes Echolife HG530 and HG520c.
Fixes for HG530 and HG520c are available. Huawei has released a security advisory (SA) and fixed versions. Customers can ask for support from local Huawei technical support services if necessary. The links is:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.
2014-12-24 V1.1 UPDATE HG520c Release the Fixed Version
2014-12-19 V1.0 INITIALHuawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.