PT-2009-6361 · Huawei · Huawei Mt882

Decodex01

Published

2009-12-04

Updated

2017-08-17

CVE-2009-4197

CVSS v2.0

4.7

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Huawei MT882 V100R002B020 ARG-T version 3.7.9.98

Description The issue concerns a form in rpwizPppoe.htm that does not disable the autocomplete setting for the password parameter. This makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.

Recommendations For version 3.7.9.98, consider disabling the autocomplete feature for the password parameter in the rpwizPppoe.htm form to prevent easy access to the password.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2009-4197

Affected Products

Huawei Mt882

PT-2009-6361 · Huawei · Huawei Mt882

CVE-2009-4197

Related Identifiers

Affected Products

References · 5