Allegro Software Development Corporation Information for VU#561444

Multiple broadband routers use vulnerable versions of Allegro RomPager

Status

Not Affected

Vendor Statement

"An example is the case of the CVE-2014-9222 and CVE-2014-9223 vulnerabilities (also known as Misfortune Cookie). These vulnerabilities were discovered in the RomPager embedded web server version 4.07, which was released in 2002. Allegro had previously identified, fixed, and released updated software components that addressed these vulnerabilities. RomPager version 4.34, which resolved these vulnerabilities, was provided to Allegro Software customers in 2005. Allegro has continued to provide updates and enhancements to the RomPager software, and the latest available version is 5.40."

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.