Immunity, Inc.
Name CVE_2014_9222
CVE CVE-2014-9222
Exploit Pack CANVAS
DescriptionCVE-2014-9222 (Misfortune Cookie)
NotesCVE Name: CVE-2014-9222
VENDOR: Alegro
Notes:
This module exploits the arbitrary memory overwrite vulnerability in RomPager embedded web-server, which was originally introduced by CheckPoint.
Current version of the module and used offsets are calculated based on RomPager 5.04, running on TP-Link TD-W8961ND_V2_120427 firmware.
ZynOS provides a command in console "sys pswauthen" that can be used to temporarily disable authentication of web-based management interfaces.
This command sets a special flag in memory, which we overwrite with this exploit to enable/disable authentication.
Current version of the module does not support dynamic calculation of offset of the authentication flag, but knowing the model of target device, it would be easy to calculate it.

Using this exploit against different versions/devices that are vulnerable, WILL CAUSE CRASH AND REBOOT of the device.

Repeatability: Infinite
References: ['http://mis.fortunecook.ie/']
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9222
CVSS: 7.5

Learn more about the CANVAS Exploit Pack here: CANVAS