Vulnerabilities > CVE-2009-4197 - Cross-Site Scripting and Information Disclosure vulnerability in Huawei Mt882 Modem and Mt882 Modem Firmware
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 2 | |
| Application | 1 |
Exploit-Db
| description | Huawei MT882 Modem/Router Multiple Vulnerabilities. CVE-2009-4196,CVE-2009-4197. Webapps exploit for hardware platform |
| file | exploits/hardware/webapps/10276.txt |
| id | EDB-ID:10276 |
| last seen | 2016-02-01 |
| modified | 2009-12-03 |
| platform | hardware |
| port | |
| published | 2009-12-03 |
| reporter | DecodeX01 |
| source | https://www.exploit-db.com/download/10276/ |
| title | Huawei MT882 Modem/Router Multiple Vulnerabilities |
| type | webapps |