Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.
oryginał ENAV:N/AC:M/Au:N/C:N/I:P/A:NAllegrosoft Rompager
APPAllegrosoft≤ 4.07Dlink Dsl 2640r
HWDlinkwszystkie wersjeDlink Dsl 2641r
HWDlinkwszystkie wersjeHuawei Mt882
HWHuaweiwszystkie wersjeSitecom Wl 174
HWSitecomwszystkie wersjeTp Link Td 8816
HWTp-Linkwszystkie wersjeZyxel P 660hw D1
HWZyxelwszystkie wersje
Powiązane podatności
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relie...
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products,...
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors a...
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboo...
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) throu...