This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy (update in May 2018) >

Security Notice-Multiple Vulnerabilities in the RomPager Component of Home Gateway

  • Initial Release Date: Dec 19, 2014
  • Last Release Date: Dec 24, 2014

Huawei was aware of multiple RomPager security vulnerabilities in Huawei Home Gateway disclosed by Check Point. Those vulnerabilities include:

  • RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)
  • RomPager Authorization Buffer Overflow Denial of Service (CVE-2014-9223)

The investigation has been completed. The affected Home Gateway includes Echolife HG530 and HG520c.

Fixes for HG530 and HG520c are available. Huawei has released a security advisory (SA) and fixed versions. Customers can ask for support from local Huawei technical support services if necessary. The links is:

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.

2014-12-24 V1.1 UPDATE HG520c Release the Fixed Version

2014-12-19 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.