CVE-2009-4196 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort (8) wzVIRTUALSVR_endPortLocal (9) wzVIRTUALSVR_IndexFlag (10) wzVIRTUALSVR_localIP (11) wzVIRTUALSVR_startPort and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag (14) Connect_DialHidden and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1.

Reference

http://www.exploit-db.com/exploits/10276 http://www.securityfocus.com/bid/37194 https://exchange.xforce.ibmcloud.com/vulnerabilities/54526