CVE-2009-4196

Name of the Vulnerable Software and Affected Versions Huawei MT882 V100R002B020 ARG-T version 3.7.9.98

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple parameters in various scripts. The affected parameters include BackButton to "error 1", wzConnFlag to "fresh pppoe 1", diag pppindex argen and DiagStartFlag to "rpDiag argen 1", wzdmz active and wzdmzHostIP to "rpNATdmz argen 1", wzVIRTUALSVR endPort, wzVIRTUALSVR endPortLocal, wzVIRTUALSVR IndexFlag, wzVIRTUALSVR localIP, wzVIRTUALSVR startPort, and wzVIRTUALSVR startPortLocal to "rpNATvirsvr argen 1", Connect DialFlag, Connect DialHidden, and Connect Flag to "rpStatus argen 1", Telephone select and wzFirstFlag to "rpwizard 1", and wzConnectFlag to "rpwizPppoe 1".

Recommendations To resolve the issue, update the firmware to a version that includes the fix for this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.